ln-115-devops-docs-creator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to generate a
runbook.mdfile by aggregating project-specific operational data. It lacks capabilities for network access, arbitrary command execution, or sensitive data exfiltration.\n- [DATA_EXFILTRATION]: The skill reads from local configuration files such asdocker-compose.ymland.env.exampleto extract service names and environment variable keys. It does not target sensitive directories (e.g.,~/.ssh) or attempt to read actual secrets beyond example templates.\n- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection as it ingests untrusted data from project files to populate documentation templates.\n - Ingestion points:
package.jsonscripts,docker-compose.ymlservice definitions, and.env.examplecontent.\n - Boundary markers: Not present for the interpolated data fields in the markdown templates.\n
- Capability inventory: File writing (
docs/project/runbook.md). The skill does not have network access or code execution capabilities.\n - Sanitization: No input validation or sanitization is performed on the discovered strings.\n
- Risk Assessment: The risk is negligible as the output is a static documentation file and the skill does not possess the capabilities required to execute malicious payloads that might be injected into project metadata.
Audit Metadata