api-docs-generator
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs static analysis on local source code to extract API metadata. It does not utilize network protocols, execute shell commands, or interact with external third-party services.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data (user-written source code) to generate documentation outputs.
- Ingestion points: The skill scans all route.ts files within the app/api/ directory and reads their contents.
- Boundary markers: Absent. The instructions do not define specific delimiters to distinguish between documentation generation instructions and content found within the code files.
- Capability inventory: The skill is restricted to text generation. It lacks capabilities for network access, file modification, or system command execution.
- Sanitization: No explicit sanitization or filtering is performed on comments or strings extracted from the source files before they are included in the generated OpenAPI specification.
Audit Metadata