create-software-docs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a 'no-code' tool composed of markdown instructions and templates. It does not perform any direct code execution, system modifications, or network operations. All documentation tasks are localized to the '{scope}/docs/' directory.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) because it analyzes untrusted repository content. This risk is mitigated by a mandatory evidence chain: (1) Ingestion points include codebase manifests and source files identified in 'analyze-project-scope'; (2) Boundary markers such as 'Sources Inspected' sections and confidence labels ('Confirmed', 'Inferred', 'Needs confirmation') are required by 'references/templates/common.md'; (3) Capabilities are restricted to generating and updating markdown documentation; (4) Sanitization is implemented via the 'validate-generated-docs' sub-skill, which explicitly identifies and flags speculative or unsupported claims for removal or correction.