ln-114-frontend-docs-creator
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch missing shared reference files from the author's repository at
https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/. This is a vendor-owned resource used for retrieving static skill dependencies. - [PROMPT_INJECTION]: The skill presents an indirect injection surface as it ingests data from local project files (e.g.,
package.json,tailwind.config.js, and CSS files) to populate documentation templates. It mitigates risk through a strictNO_CODE_EXAMPLESrule that forbids the inclusion of CSS or component code in the output and employs validation steps to ensure no template markers or unauthorized content remain in the final document. - Ingestion points: Reads project configuration files (
package.json,tailwind.config.js), CSS variables, and input from theln-110coordinator skill. - Boundary markers: Uses
{{PLACEHOLDER}}syntax within markdown templates to delimit interpolated data. - Capability inventory: Limited to reading configuration files and writing markdown documentation files to the project directory.
- Sanitization: Includes a mandatory rule prohibiting code blocks in output and performs self-validation to check for forbidden placeholders and metadata leaks.
Audit Metadata