project-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes internal Python scripts (scan_docs_metadata.py and encode.py) to automate tasks such as document analysis and Mermaid diagram encoding. These operations are performed locally and are consistent with the skill's intended functionality.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it reads and summarizes external markdown files from the project's docs/ directory to check for pre-existing analysis. This behavior is mitigated by the skill's design, which requires user confirmation before proceeding if existing documentation is detected.
      • Ingestion points: Markdown files in the target project's docs/ folder via the scripts/scan_docs_metadata.py utility.
      • Boundary markers: None identified in the summary generation logic.
      • Capability inventory: Subprocess command execution for local scripts and the Write tool for saving reports.
      • Sanitization: The extracted content is summarized without explicit filtering for embedded instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 10:58 AM