update-project-doc
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a restricted set of Bash commands, including ls, git log, and wc, which are permitted via an explicit allow-list. These commands are used solely to gather project metadata such as file structures and line counts.
- [PROMPT_INJECTION]: The skill manages the risk of processing potentially untrusted local files by requiring manual user approval through the AskUserQuestion tool before any proposed documentation updates are executed.
- [DATA_EXFILTRATION]: There is no evidence of network-enabled tools or instructions that would allow project data to be sent to external destinations.
- [EXTERNAL_DOWNLOADS]: The skill operates entirely within the local project environment and does not fetch or execute any remote resources or dependencies.
Audit Metadata