md-docs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes standard system utilities (git, ls, cat, cp, ln, diff, fd, find, grep, jq) to analyze project structures, extract metadata from configuration files, and manage the documentation lifecycle.\n- [EXTERNAL_DOWNLOADS]: Employs
curl -sIto verify the accessibility of external links found within theCONTRIBUTING.mdfile by performing HTTP HEAD requests during the update workflow.\n- [PROMPT_INJECTION]: Presents a surface for indirect prompt injection as it interprets data from untrusted project files to drive documentation generation.\n - Ingestion points: Reads contents from files such as
README.md,package.json, andCONTRIBUTING.mdto gather context.\n - Boundary markers: Does not implement explicit delimiters or guardrail instructions to distinguish project data from agent instructions during processing.\n
- Capability inventory: Possesses the ability to read and write files in the local repository.\n
- Sanitization: No formal sanitization or filtering is applied to the content extracted from the project files before generation.
Audit Metadata