technical-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through its ingestion of untrusted data.\n
- Ingestion points: The
api_doc_generator.pyscript parses Python source code, anddoc_validator.pyprocesses documentation files.\n - Boundary markers: No boundary markers or instructions to disregard instructions embedded in the processed data are mentioned in the summary.\n
- Capability inventory: The skill is described as having the ability to read local files (source code) and write output files (OpenAPI specs, markdown, and reports).\n
- Sanitization: There is no evidence of sanitization or filtering of instructions contained within docstrings or comments in the source code being analyzed.\n- [COMMAND_EXECUTION] (SAFE): The skill documentation mentions executing local Python scripts for validation and generation. This behavior is consistent with the primary purpose of a developer-oriented documentation tool.\n- [CREDENTIALS_UNSAFE] (SAFE): API documentation templates include placeholders like
YOUR_API_KEYrather than actual secrets.
Audit Metadata