documentation-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to analyze untrusted external code to generate documentation, creating a vulnerability surface where malicious instructions embedded in code comments could influence the agent's behavior. * Ingestion points: The skill ingest code from file paths and directories (e.g., 'src/utils/') specified by the user. * Boundary markers: The skill lacks explicit delimiters or instructions to treat analyzed code strictly as data rather than instructions. * Capability inventory: The agent produces external documentation outputs (files), which represents a medium-privilege capability when handling untrusted data. * Sanitization: No logic is present to filter or sanitize potential instructions found within the analyzed source files.
- Static Analysis (SAFE): No executable code, remote scripts, or hardcoded credentials were found within the documentation-generator instructions.
Audit Metadata