docs-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [No Code] (SAFE): The skill is comprised solely of Markdown files (
SKILL.mdand rule files in therules/directory). There are no Python scripts, Node.js files, or shell scripts included. Analysis shows no executable logic that could perform malicious actions. - [Data Exposure] (SAFE): No hardcoded credentials, API keys, or sensitive file paths were detected. Code examples in the rule files use generic placeholders like
userId,orderTotal, andacme-cli. - [Indirect Prompt Injection] (LOW): The skill's primary purpose is to ingest and audit external documentation files (untrusted data).
- Ingestion points: Documentation files targeted for audit.
- Boundary markers: None explicitly defined in the instructions for input files.
- Capability inventory: None. The skill provides instructions for analysis but does not include tools for network access, shell execution, or file modification.
- Sanitization: None. While the skill is exposed to untrusted content, the lack of dangerous capabilities effectively mitigates the risk of exploitation.
- [Command Execution] (SAFE): While some documentation examples contain shell commands (e.g.,
systemctl restart myapp), these are static text for educational purposes within the documentation audit rules and are not executed by the skill logic.
Audit Metadata