build-workspace-docs
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the ai-agent-skills CLI to update README.md and WORK_AREAS.md, which are standard operational tasks for managing a library workspace.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface, because it ingests data from a skills catalog to generate documentation. It provides explicit boundary markers (HTML comment markers) in the generated files to isolate external content, which is a recommended practice to reduce the risk of instructions in the catalog data influencing the agent. (Evidence: SKILL.md mentions ingestion points in the catalog and boundary markers in the Gotchas section.)