domain-readme
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate documentation tasks using local file access and does not exhibit any malicious behavior.
- [COMMAND_EXECUTION]: The skill includes a local utility script (
scripts/extract_api.js) used to parse Angular source code. The script uses safe regular expression matching and does not execute the code it reads. - [DATA_EXFILTRATION]: No network activity was detected. The skill only reads from and writes to the local project directory as part of its primary function.
- [PROMPT_INJECTION]: The skill processes untrusted source code to generate documentation, which is a potential surface for indirect prompt injection. The risk is minimal as information is extracted via structured regex parsing.
- Ingestion points:
scripts/extract_api.jsreads TypeScript source files. - Boundary markers: None explicitly used during prompt interpolation.
- Capability inventory: Filesystem write access to create or update
README.md. - Sanitization: Content is parsed using regular expressions to extract specific signatures rather than direct LLM summarization of entire files.
Audit Metadata