api-doc-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill possesses an ingestion surface because it scans external source code (Java/Kotlin Controller classes) to extract API metadata. While this is an entry point for untrusted data, no malicious behavior is triggered, and the output is confined to documentation templates. Evidence:
  1. Ingestion points: Controller source code files
  2. Boundary markers: None specified
  3. Capability inventory: Reads filesystem (source code), Writes filesystem (./docs)
  4. Sanitization: None specified
- No Code (SAFE): No executable scripts (Python, JavaScript, shell) or system commands are included in the provided files. The skill functions purely through natural language instructions and predefined markdown templates.
- Data Safety (SAFE): The skill accesses project-specific source files for the intended purpose of documentation and writes the output to a local directory. No access to sensitive system directories (~/.ssh, ~/.aws) and no unauthorized network exfiltration patterns were detected.