component-documenter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No instructions designed to bypass safety filters or override the agent's core programming were found. No 'IMPORTANT' or 'CRITICAL' markers are used.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or access to sensitive local file paths (like ~/.ssh) are present. Network references are limited to legitimate documentation and package registry URLs.
  • [Remote Code Execution] (SAFE): The skill contains example commands like 'npm install' and 'npx' within documentation templates. These are intended as user instructions and do not represent autonomous execution of untrusted remote code by the agent.
  • [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or other encoding techniques were used to hide malicious intent.
  • [Indirect Prompt Injection] (SAFE): The skill possesses a data ingestion surface as it reads local source code to generate documentation. While this is an inherent surface for this type of tool, the skill's primary purpose is documentation, and no patterns were found that would cause the agent to execute instructions embedded in comments of the files it reads.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM