docs-sync
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard git commands ('git diff', 'git diff --name-only') to identify changes in the local repository. These are appropriate for the stated purpose of synchronizing documentation with code.
- [DATA_EXFILTRATION] (SAFE): While the skill interacts with sensitive file types (e.g., '.env', configuration files) to ensure documentation matches implementation, there are no network calls or instructions to transmit this data externally.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the repository (code and comments) via 'git diff'. However, it lacks dangerous capabilities like remote execution or network access that would allow an attacker to exploit this surface. Boundary markers are implicitly defined by the diff format, and the primary capability is local file writing.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown instructions and templates. No scripts (Python, JS, Shell) are included or executed beyond the specified git commands.
Audit Metadata