docfactory-init

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Category 1: Prompt Injection (SAFE): Instructions are focused on product strategy and document generation. No patterns associated with bypassing safety filters or overriding system instructions were found.
  • Category 2: Data Exposure & Exfiltration (SAFE): The skill does not access sensitive local files or perform network operations. It only writes non-sensitive markdown files to the local directory.
  • Category 3: Obfuscation (SAFE): No evidence of encoded commands, zero-width characters, or homoglyphs.
  • Category 4: Unverifiable Dependencies (SAFE): The skill depends on 'pyyaml', a reputable library for YAML parsing. It uses 'yaml.safe_load' to prevent unsafe object instantiation.
  • Category 8: Indirect Prompt Injection (LOW): The skill ingests untrusted app idea data which influences the output documents.
      ◦ Ingestion points: 'scripts/generate_docfactory_init.py' reads a user-provided YAML file.
      ◦ Boundary markers: 'SKILL.md' specifies clear '---FILE: filename---' delimiters for outputs.
      ◦ Capability inventory: The skill can write files to the local filesystem and run a structural validation script.
      ◦ Sanitization: Inputs are parsed using 'yaml.safe_load()', providing protection against standard deserialization attacks.
  • Category 10: Dynamic Execution (SAFE): Scripts use template interpolation for markdown generation but do not execute dynamically generated code or use unsafe 'eval/exec' functions on user input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:35 PM