docfactory-uiux
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill optionally executes a local Python script
scripts/validate_docfactory_uiux.py. Analysis of this script confirms it only performs read-only structural checks on the generated markdown file using the Python standard library. It does not accept external input or execute arbitrary commands. - [DATA_EXPOSURE] (SAFE): No hardcoded secrets, API keys, or sensitive file paths (like SSH keys or environment files) were found in any of the skill files.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not attempt to download external packages or scripts. It relies entirely on provided local templates and references.
- [PROMPT_INJECTION] (SAFE): The instructions in
SKILL.mdare focused on persona and formatting rules. There are no attempts to bypass safety filters or ignore system instructions. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from
02-prd.mdand other documentation files. However, the capability tier is LOW as it only uses this data to populate a static markdown template for human review and lacks dangerous side effects like network exfiltration or shell execution of processed data.
Audit Metadata