Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to automate documentation creation by analyzing the repository's codebase. It correctly prioritizes grounding its output in existing files such as package files and .env.example.
  • [PROMPT_INJECTION]: While the skill ingests untrusted data from the repository (an indirect prompt injection surface), this is inherent to its primary purpose as a documentation tool. The risk is minimized by its focus on generating static markdown content rather than executing code derived from those files.
    1. Ingestion points: Repository files at <WORKSPACE_ROOT> (SKILL.md).
    2. Boundary markers: Absent; the subagent prompt does not explicitly warn about ignoring embedded instructions in source files.
    3. Capability inventory: Generates markdown text to be committed as documentation (SKILL.md).
    4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 10:38 PM