Skills
skills/rysweet/amplihack/documentation-writing/Gen Agent Trust Hub

documentation-writing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill invokes mkdocs and a project-specific discovery command amplihack using subprocess.run. These operations are fundamental to the skill purpose and include safety measures like timeouts and list-based command arguments.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires standard packages including mkdocs, mkdocs-material, and pyyaml. While these are reputable industry tools, they are not part of the explicitly predefined trusted organization list.
  • PROMPT_INJECTION (LOW): An indirect prompt injection surface exists because the skill processes untrusted project documentation. Mandatory Evidence Chain: 1. Ingestion points: docs/ directory and project README.md files. 2. Boundary markers: Absent; content is interpolated directly into the build pipeline. 3. Capability inventory: Subprocess execution for site generation and file writing. 4. Sanitization: Absent, as the tool is designed to render source documentation verbatim.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:24 PM