project-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass filters were detected. All content is strictly instructional and related to documentation.
- [Data Exposure & Exfiltration] (SAFE): The skill does not contain hardcoded credentials or data exfiltration commands. It includes proactive warnings to prevent the accidental exposure of sensitive keys in .env files.
- [Obfuscation] (SAFE): No hidden or encoded content was found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote code execution patterns or unverified package installations were identified.
- [Indirect Prompt Injection] (SAFE): The skill is designed to ingest local project data for analysis, which is an inherent surface for indirect injection; however, no specific vulnerabilities were found. 1. Ingestion points: Reads local project files such as README.md, package.json, and .env.example (SKILL.md). 2. Boundary markers: Absent; relies on standard agent behavior. 3. Capability inventory: Reading local files and generating markdown text output. 4. Sanitization: Not applicable for generating static documentation content.
Audit Metadata