moai-docs-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests source code and specification files to generate documentation. While no malicious logic is present, this creates an inherent attack surface for indirect prompt injection via untrusted code comments or specifications. Evidence: Ingestion points (source code, SPEC files), Boundary markers (none), Capability inventory (Bash, Write), Sanitization (none).
- [External Downloads] (LOW): The skill instructs the agent to install standard documentation tools such as sphinx, mkdocs, and typedoc using package managers (pip, npm). These tools are verified and essential for the skill's primary purpose.
Audit Metadata