document-writer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No malicious patterns detected. The skill is entirely composed of documentation templates, writing guidelines, and instructional workflow steps for generating READMEs, API references, and architecture documents.
- Indirect Prompt Injection (INFO): The skill is designed to ingest external content (source code provided by the user) to generate documentation. While this creates an ingestion surface for potential instructions hidden in code comments, the skill lacks any 'write' or 'execute' capabilities that could be exploited. Its output is limited to text display for the user, posing no systemic risk.
- Data Exposure (INFO): Code examples include placeholders like
process.env.API_KEY, which follow security best practices by encouraging the use of environment variables instead of hardcoding credentials.
Audit Metadata