docs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design of reading and processing untrusted project files to generate documentation.
- Ingestion points: The agent ingests data from local source files using the
Read,Grep, andGlobtools. - Boundary markers: No delimiters or 'ignore instructions' warnings are provided to the agent regarding the content extracted from project files.
- Capability inventory: The skill has access to the
Writetool, enabling potential file system modification if malicious instructions are encountered in source files. - Sanitization: No filtering or validation of the ingested code content is performed before it is processed by the AI model.
- [COMMAND_EXECUTION]: The skill involves the execution of standard documentation commands for well-known tools like Sphinx and JSDoc. These commands are routine developer operations and target trusted, established software packages.
Audit Metadata