release-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard shell commands (
ls,wc,cat,grep,jq) for inventory and validation purposes. All commands are used in a read-only or local verification capacity consistent with the skill's purpose. - [DATA_ACCESS] (SAFE): The skill accesses local project files in the
plugins/compound-engineering/directory to extract metadata. No sensitive system paths or credentials are accessed. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests content from external files to generate documentation summaries.
- Ingestion points: Agent, command, skill, and MCP server files located within the project subdirectories.
- Boundary markers: Absent; the skill directly processes the content of these files.
- Capability inventory: The skill can read/write local files and execute basic shell utilities for text processing and count verification.
- Sanitization: The skill includes a check to skip files with invalid frontmatter, providing a basic level of validation.
Audit Metadata