docs-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect prompt injection vulnerability (Category 8). The skill reads docstrings and code comments from the repository to generate documentation files. If an attacker can influence the source code (e.g., via a Pull Request), they could inject instructions that might be followed by the documentation agent.
  - Ingestion points: backend/routers//*.py and backend/utils//*.py.
  - Boundary markers: Absent.
  - Capability inventory: Executes 'git diff' and performs file-write operations to the docs/ and .cursor/ directories.
  - Sanitization: Absent.
- [Data Exposure & Exfiltration] (SAFE): No unauthorized access to sensitive files like credentials or environment variables. No exfiltration of data to external domains was detected.
- [Unverifiable Dependencies] (SAFE): The skill mentions using standard Python libraries (ast) and common frameworks (FastAPI, Pydantic). No suspicious external package installations or remote script executions were found.