adding-service-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches service logos and YAML metadata from the official coollabsio/coolify GitHub repository. These assets are essential for generating documentation and are retrieved from the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run 'bun run dev' and 'bun run build'. These commands are used to verify the documentation locally and are standard for VitePress projects.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface due to its data processing nature.
- Ingestion points: Service metadata is extracted from YAML files in the vendor's repository as described in METADATA.md.
- Boundary markers: The skill does not define specific delimiters for interpolating extracted data into documentation files.
- Capability inventory: The agent has permissions to write files and execute bash commands (Bash, Write tools) within the project environment as specified in SKILL.md.
- Sanitization: There is no explicit sanitization step mentioned for metadata fields before they are written to the site's code or content.
Audit Metadata