code-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides instructions for a maintenance process that involves reading code files and modifying or deleting comments. This represents an attack surface for indirect prompt injection where malicious instructions hidden in a project's source code could influence the agent's actions during the maintenance workflow.
  - Ingestion points: Project source code files, specifically existing TSDoc and inline comments.
  - Boundary markers: Absent; the skill does not define specific markers or instructions for the agent to ignore embedded commands within the code it processes.
  - Capability inventory: Reading project files and writing modifications (deleting comments, updating TSDoc blocks) to the file system.
  - Sanitization: Absent; the process described for converting inline comments to TSDoc does not include sanitization or validation of the input content.