documentation-generation-doc-generate
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard Python libraries such as
ast,inspect, andglobto parse code structure and metadata for documentation purposes without executing the code itself. - [EXTERNAL_DOWNLOADS]: External resources referenced in the templates, such as jsDelivr for Swagger UI and official GitHub Actions (e.g.,
actions/checkout), target well-known and reputable services standard in software development workflows. - [DATA_EXPOSURE]: The skill explicitly instructs the agent to avoid exposing secrets, internal URLs, or sensitive data within generated documentation. Credential placeholders like
YOUR_API_KEYandJWT_SECRETare used appropriately in examples. - [INDIRECT_PROMPT_INJECTION]: While the skill analyzes untrusted codebase content (ingestion point:
APIDocExtractor.extract_endpointsinimplementation-playbook.md), it uses static analysis via AST parsing rather than dynamic execution. Given its primary purpose of documentation, the risk is negligible.
Audit Metadata