api-doc-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [NO_CODE] (SAFE): This skill consists of markdown templates and instructional guidance. It does not provide any executable scripts (Python, Node.js, or Shell) or binaries.
- [DATA_EXFILTRATION] (SAFE): The skill identifies API information from local source code and writes it to a local './docs' directory. No network capabilities or external data transmission patterns were detected.
- [PROMPT_INJECTION] (SAFE): No adversarial patterns, role-play injections, or instructions to bypass safety guidelines were found. The instructional markers used are for task logic and alignment.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill processes untrusted local source code as part of its primary function, creating a surface for indirect prompt injection.
  - Ingestion points: Local Java and Kotlin Controller source files (identified in README.md).
  - Boundary markers: None explicitly defined in the instructions for isolating scanned content.
  - Capability inventory: Local file read (source code) and local file write (markdown output in ./docs).
  - Sanitization: No explicit content sanitization logic is mentioned.
  - Note: This risk is inherent to the automated documentation use-case and is handled as SAFE given the lack of malicious intent or complex downstream capabilities.
Audit Metadata