doc-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads and processes external Python source files, which is a known vector for indirect prompt injection.
- Ingestion points: Python files (.py) and directories processed via
astorinspectmodules. - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded within the extracted docstrings.
- Capability inventory: File system read (to access source code) and typically file system write (to save generated markdown), though write is not explicitly defined in the script.
- Sanitization: None. The skill suggests direct extraction and formatting of docstring content without sanitization.
- [Dynamic Execution] (LOW): The documentation suggests using the
inspectmodule for runtime introspection. - Evidence: Using
inspectoften requires importing the target module into the Python environment. Importing untrusted code can trigger execution of top-level logic or malicious code within the module's__init__or global scope.
Audit Metadata