api-docs-generator

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes shell commands including npx, pdoc, and make. The use of make is a security concern as it can execute arbitrary commands defined within a project's Makefile.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill uses npx to dynamically download and execute Node.js packages (swagger-jsdoc, jsdoc) from the public npm registry at runtime, which makes it dependent on the integrity of that external registry.
  • [PROMPT_INJECTION] (MEDIUM): The skill has an Indirect Prompt Injection surface (Category 8) because it parses comments in source code files. Evidence Chain:
      1. Ingestion: Reads routes/*.js, src/, and Python package files.
      2. Boundary markers: Absent; no delimiters or instructions exist to prevent the agent from obeying instructions found in comments.
      3. Capability inventory: Shell command execution and file output.
      4. Sanitization: None; the content is processed directly by documentation tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 07:23 AM