product-documentation-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill consists entirely of Markdown content and Mermaid diagrams. There are no associated scripts, binaries, or automation commands detected in the provided file.
- Data Exposure (SAFE): There are no hardcoded credentials, API keys, or references to sensitive local file paths (such as SSH keys or environment files).
- Indirect Prompt Injection (SAFE): The skill outlines a process for analyzing 'User Feedback' and 'Feature Lists', which are external data sources. While this constitutes a surface for indirect prompt injection, the skill lacks any execution capabilities or tools that could be maliciously leveraged if an injection occurred.
- Ingestion points: External inputs like '用户反馈' (User Feedback) and '产品功能清单' (Product Feature List) in SKILL.md.
- Boundary markers: Absent; the skill relies on the underlying LLM's standard processing.
- Capability inventory: None; the skill is restricted to generating text documentation.
- Sanitization: No explicit sanitization of input data is defined.
Audit Metadata