api-documenter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill parses comments and docstrings from source code files which may be attacker-controlled. \n- Ingestion points: Processes .js, .py, .java, and other source files via Read and Grep tools. \n- Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands or delimiters when parsing text from comments. \n- Capability inventory: Utilizes Read, Write, and Grep tools to modify the local filesystem (e.g., generating openapi.json). \n- Sanitization: Absent; the skill extracts raw text from code comments to generate documentation descriptions without prior validation or escaping.
Audit Metadata