doc-coverage
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/check_docs.py calls the git command to identify staged files. This operation is performed using a static list of arguments without shell interpretation, which is a safe implementation pattern.
- [SAFE]: The skill includes manual validation of all input paths (target, output, config) using absolute path resolution and prefix checking to prevent directory traversal attacks.
- [SAFE]: The skill's analysis logic uses regular expressions for parsing. While it processes external code files, it maintains a small security footprint with no network access and restricted file system writes.
Audit Metadata