ln-313-review-docs-worker
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill interacts with local file paths such as shared/, docs/, and references/ relative to the repository root. These operations are restricted to project-specific documentation management and do not involve access to sensitive system files or credentials.
- [COMMAND_EXECUTION]: The skill instructions define a structured workflow for data extraction and document generation. While it mentions the use of 'MCP tools' for research, it does not invoke arbitrary shell commands or perform high-risk system operations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data including 'Story titles', 'Technical Notes', and 'Implementation Tasks' to determine documentation requirements. While this represents an ingestion surface for untrusted data, the skill's capabilities are limited to writing markdown files and updating project notes, which minimizes the potential impact of an injection attack.
- Ingestion points: Story content, Technical Notes, and Implementation Tasks.
- Boundary markers: None explicitly defined in the instruction set.
- Capability inventory: File read/write access to project documentation directories (docs/) and modification of Story metadata.
- Sanitization: Not explicitly defined, though generated content is restricted to markdown format with a 'NO CODE' rule.
Audit Metadata