reference-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package is composed entirely of Markdown documentation and templates. There are no executable scripts, such as Python or Node.js files, included in the distribution.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of reading and processing external implementation code. 1. Ingestion points: The skill reads source code and specifications to generate API references. 2. Boundary markers: The templates do not include markers to isolate the content of the code being analyzed from the agent's instructions. 3. Capability inventory: The skill has access to Read, Write, Grep, and Glob tools. 4. Sanitization: No sanitization steps are defined for the data extracted from source code.
Audit Metadata