architecture-md
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for documentation purposes and operates entirely on the local file system using standard tools like tree and glob. It does not attempt to access sensitive user directories outside the project scope.
- [SAFE]: The skill reads project configuration files such as package.json and pyproject.toml to extract project metadata. This data is used solely for generating documentation and is not transmitted externally.
- [PROMPT_INJECTION]: The skill processes untrusted content from the codebase being documented, which is a potential surface for indirect prompt injection. 1. Ingestion points: Files within the codebase as specified in Step 1 of SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: File system read access and directory listing via tree/glob. 4. Sanitization: Absent. This represents a standard surface area for documentation tools and is considered low risk.
Audit Metadata