backend-to-frontend-handoff-docs
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill exhibits a surface for indirect prompt injection (Category 8) by ingesting untrusted data. Evidence:
  1. Ingestion points: Analysis of 'Completed API code' and 'business context' (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Local file system writes to the documentation directory (SKILL.md).
  4. Sanitization: No escaping or validation of code content before interpolation is mentioned.

  An attacker with the ability to commit code to the repository could potentially influence the generated documentation via malicious comments.
- [Data Exposure & Exfiltration] (SAFE): While the skill reads local source code, it is limited to the project context and does not target sensitive system files (e.g., credentials, SSH keys). No network operations or external exfiltration patterns were detected.
- [Command Execution] (SAFE): The skill lacks instructions for shell command execution, subprocess spawning, or dynamic code evaluation (eval/exec). All operations are confined to standard file system interaction.