documentation-specialist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill instructions focus on documentation structure and professional standards. There are no attempts to bypass safety filters or override system-level constraints.
- [Data Exposure & Exfiltration] (SAFE): The skill is designed to read codebase configurations (e.g., application.yml, .env.example) to document architecture. While it interacts with files that might contain secrets, there is no logic for hardcoding credentials or transmitting data to external, untrusted domains. Network usage mentioned in guides is for standard health checks or illustrative examples.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Although the skill has access to the Bash tool, its workflows are limited to Grep, Glob, and Read operations for analysis. Installation commands (e.g., npm install, git clone) appear strictly within documentation templates and examples intended for user-generated documents, rather than being executed by the skill itself on the host.
- [Indirect Prompt Injection] (LOW): The 'brownfield' workflow (code-to-docs) ingests untrusted data by reading source code files to extract API endpoints and data models.
  - Ingestion points: Files read during codebase analysis (e.g., references/workflows/brownfield-workflow.md).
  - Boundary markers: None explicitly defined in the prompts to distinguish code content from documentation instructions.
  - Capability inventory: Read, Write, Edit, Glob, Grep, and Bash tools.
  - Sanitization: No specific sanitization logic is present for the ingested code content.
- [Persistence & Privilege Escalation] (SAFE): No patterns for persistence or unauthorized privilege escalation were identified. Documentation examples mentioning sudo or chmod are contextual templates for users.
Audit Metadata