mkt-technical-writer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates locally to scan directory structures and read source files for documentation purposes. No network requests or data exfiltration behaviors were identified.
- [COMMAND_EXECUTION]: The skill uses a 'find' command to identify source files for analysis. This is a read-only operation limited to local discovery of common programming file extensions and is restricted to the first 100 results, posing no security risk.
- [PROMPT_INJECTION]: The skill processes local source code, which serves as an untrusted data source. 1. Ingestion points: Reads source files (SKILL.md, Step 2). 2. Boundary markers: Absent. 3. Capability inventory: File discovery via 'find' and documentation file creation (SKILL.md). 4. Sanitization: Absent. The risk of indirect prompt injection is considered safe due to the skill's lack of sensitive capabilities like network access or high-privilege command execution.
Audit Metadata