code-docs-quality

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs dynamic context injection to execute find commands at load time to verify directory structures. It also instructs the agent to use git log to assess the freshness of documentation files. These operations are consistent with the skill's documentation auditing purpose.
  • [PROMPT_INJECTION]: The skill analyzes the content of external documentation files (ADRs, PRDs, etc.), which represents a potential surface for indirect prompt injection. However, the instructions focus on quality assessment and validation of structural standards rather than executing content, mitigating the risk.
  • [SAFE]: Access to shell commands is restricted through the allowed-tools configuration, which limits Bash execution to specific linting utilities like markdownlint and vale. This restriction minimizes the attack surface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 01:17 AM