deploy-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes standard, read-only commands such as
ls,cat,jq, andgit statusto verify the state of the local documentation directory. No destructive or high-privilege commands are present. - [EXTERNAL_DOWNLOADS] (SAFE): The provided GitHub Action workflow template references official actions from the 'actions' organization (e.g.,
actions/checkout@v4). These are trusted sources according to the [TRUST-SCOPE-RULE]. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill reads content from local markdown and JSON files (
plugins/compound-engineering/agents/*.md, etc.). - Ingestion points: Multiple documentation files and JSON manifests.
- Boundary markers: None present.
- Capability inventory: File system read, JSON parsing, and git status reporting.
- Sanitization: None detected.
- Assessment: While it processes untrusted local data, the lack of dangerous capabilities (network write, execution of data as code) makes the risk negligible.
Audit Metadata