api-doc-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: NO_CODE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructs the agent to scan untrusted project source code, which serves as an ingestion point for potentially malicious instructions hidden in comments or strings.
- Ingestion points: Java/Kotlin source files identified by @Controller or @RestController annotations.
- Boundary markers: Absent; the instructions do not specify delimiters or "ignore" warnings to separate untrusted code from the agent's instructions.
- Capability inventory: File reading (source code scanning) and file writing (generating documentation in the ./docs directory).
- Sanitization: Absent; no mention of sanitizing or validating extracted data before including it in the generated documentation.
- No Executable Code (SAFE): All analyzed files are markdown documentation, templates, or examples. No executable logic (Python, JS, Shell) or package manifests (package.json, requirements.txt) were included. Note: The SKILL.md file mentioned in the documentation was not provided for analysis.
Audit Metadata