code-documenter

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation and use of standard, reputable development packages from official registries (NPM and PyPI). These include documentation frameworks like Docusaurus, MkDocs, and VitePress, as well as linting and coverage utilities like eslint-plugin-jsdoc, pydocstyle, and interrogate. These references are informative and consistent with the skill's primary purpose.
  • [COMMAND_EXECUTION]: The documentation workflow includes instructions for executing standard local testing and linting commands, such as python -m doctest for verifying code examples or npm run docs:check for validating documentation builds. These actions are performed on the user's local project files as part of the normal development lifecycle.
  • [INDIRECT_PROMPT_INJECTION]: The skill represents a data ingestion surface because its core function involves analyzing user-provided source code and API definitions to generate documentation.
    • Ingestion points: The agent processes source code files (Python, TypeScript, JavaScript) and configuration files (OpenAPI/Swagger specs) provided in the prompt or project directory.
    • Boundary markers: The skill does not define specific delimiters to separate untrusted code content from its own generation instructions, relying on the agent's internal reasoning to handle the code as data.
    • Capability inventory: The skill identifies capabilities for executing documentation tests, building static sites, and performing code linting via subprocesses.
    • Sanitization: No explicit sanitization or filtering is described for the input code before it is analyzed for documentation purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 03:14 PM