code-documenter

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of analyzing and documenting untrusted external codebases, configuration files, and git history.
      • Ingestion points: The agent scans the entire project file tree, reads source code, processes .env files, and analyzes git commit logs (Phase 1 and 2).
      • Boundary markers: There are no explicit instructions or delimiters defined to isolate the untrusted code content from the agent's operational logic.
      • Capability inventory: The agent has permissions to read and write files, generate shell scripts, and execute commands for testing and validation (Phase 6).
      • Sanitization: No sanitization or filtering logic is specified for handling code snippets before they are incorporated into generated documentation or scripts.
  • [COMMAND_EXECUTION]: The skill workflow in SKILL.md explicitly instructs the agent to execute shell commands for git history analysis and to run generated accessibility/test scripts.
  • [REMOTE_CODE_EXECUTION]: The references/documentation-patterns.md file contains a template demonstrating a piped remote execution pattern: curl -fsSL https://example.com/install.sh | bash. While intended as a documentation example for users, this pattern represents a high-risk execution method.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 2, 2026, 05:23 PM