documentation-generation-doc-generate
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read and extract information from source code files, configurations, and comments across the repository (e.g., using 'ast.parse' on local files as shown in 'resources/implementation-playbook.md').
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat extracted content as untrusted data.
- Capability inventory: The skill can read local files, generate documentation artifacts, and suggest repository automation configurations.
- Sanitization: There is no evidence of sanitization or filtering of extracted strings before they are processed by the agent.
- [COMMAND_EXECUTION]: The 'resources/implementation-playbook.md' file includes templates for project READMEs and CI/CD workflows that incorporate standard development commands such as 'pip install', 'npm install', 'git clone', and 'pytest'.
- [EXTERNAL_DOWNLOADS]: The documentation templates for the interactive API playground reference external CSS and JavaScript assets from the jsDelivr CDN to render the Swagger UI library.
Audit Metadata