wiki-onboarding
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes read-only git commands including 'git remote get-url origin' and 'git rev-parse --abbrev-ref HEAD'. These are standard practices for resolving repository context and branch names to facilitate the generation of accurate documentation links.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project source code and configuration files to create documentation, which technically creates a surface for indirect prompt injection. However, given the skill's primary purpose and limited output scope (writing markdown files), this is considered a safe operational surface.
  - Ingestion points: The skill reads repository configuration files (e.g., package.json, Cargo.toml, pyproject.toml) and source code to identify project patterns and domain models.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompt instructions.
  - Capability inventory: The skill is permitted to read local files and write generated documentation to the 'onboarding/' directory.
  - Sanitization: No specific sanitization methods for the ingested source code are defined; the skill relies on the agent's summarization logic to filter content.