document-code
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard development commands (pnpm run dev, pnpm run build) within the local project directory. These commands are necessary for local development and build verification of the documentation site.
- [DATA_EXPOSURE] (SAFE): The instructions direct the agent to read internal repository source files (cli.rs, rcfile.rs, etc.) to extract information for documentation. This is consistent with the stated purpose of the skill and does not involve accessing sensitive user credentials or system secrets.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection as it processes codebase source files to generate documentation.
  - Ingestion points: Local source files including src/cli.rs, src/rcfile.rs, and src/instance_state.rs.
  - Boundary markers: Absent; there are no specific delimiters defined for the source code ingestion.
  - Capability inventory: Read/write access to project files and local shell execution via pnpm.
  - Sanitization: Absent; the skill relies on the agent's logic to transform source code into documentation. The risk is considered low as the output is restricted to documentation files.
Audit Metadata