Skills
skills/sirn/dotfiles/code-generate-document/Gen Agent Trust Hub

code-generate-document

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the jj diff -s command to identify modified files within a Jujutsu version control repository.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface via its code-reading workflow:\n
  • Ingestion points: Step 3 of the process involves reading and understanding project source code to generate docstrings and ADRs.\n
  • Boundary markers: The instructions lack delimiters or explicit warnings to treat ingested code content as untrusted data.\n
  • Capability inventory: The skill is authorized to propose modifications to existing files and create new files in the doc/adr/ directory.\n
  • Sanitization: There is no mention of sanitizing or escaping the content read from files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 03:06 AM