docs-review
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates on local documentation files and uses internal project references, posing no risk of data exfiltration or external code execution.
- [COMMAND_EXECUTION]: The skill runs 'yarn' commands for documentation validation. These are hardcoded project scripts ('fmt:write', 'docs:check') and are not subject to command injection.
- [PROMPT_INJECTION]: The skill reads untrusted data from the /docs directory and snippet files. While it lacks sanitization or boundary markers for this content, the resulting vulnerability to indirect prompt injection is minimal due to the narrow task scope.
Audit Metadata