api-doc-generator
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALPROMPT_INJECTIONSAFE
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill ingests and processes external source code, which may contain malicious instructions in comments or strings.\n
- Ingestion points: Project source code analyzed by the scripts (e.g., Python/Javascript files).\n
- Boundary markers: Absent. The agent is not instructed to ignore or treat embedded instructions in the analyzed code as data only.\n
- Capability inventory: Filesystem read access (for code scanning) and filesystem write access (to create the /api folder and markdown documents).\n
- Sanitization: No sanitization or escaping of extracted content is performed before interpolation into the markdown templates.\n- SAFE (SAFE): No malicious code, obfuscation, or unauthorized network activity was detected in the provided skill files. All detected dependencies are standard Python libraries.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata