codedocs
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates an inherent surface for indirect prompt injection as it is designed to ingest and process untrusted data from the codebase being documented (source code, READMEs, and manifest files).
- Ingestion points: Reads files across the repository tree, including source code and documentation files, during the discovery and generation phases.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' markers to separate untrusted codebase content from the agent's logic.
- Capability inventory: The skill uses tools to read and write files locally and execute git-based shell commands.
- Sanitization: There is no explicit mechanism described to sanitize or validate content extracted from the repository before it is summarized or written to documentation files.
- [COMMAND_EXECUTION]: The skill uses shell-level commands, specifically
git diffandgit log, to support its incremental update and status reporting features. These commands are restricted to metadata extraction within the local repository and are consistent with the skill's stated purpose of tracking documentation staleness.
Audit Metadata