framework-docs-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill uses
bundle show <gem_name>and reads project files likeGemfile.lockorpackage.json. This is standard behavior for identifying installed library versions to provide accurate documentation and is not an indicator of malicious data exfiltration. - [COMMAND_EXECUTION]: The skill mentions using
bundle showto locate gem directories on the local system. This is a read-only operation intended to help the agent find and read source code or README files for documentation purposes. - [INDIRECT_PROMPT_INJECTION]: As the skill fetches documentation from external websites and GitHub, it is theoretically exposed to indirect prompt injection. However, the instructions focus on analytical tasks (identifying versions, deprecations, and patterns) rather than executing instructions found in the data, which minimizes the risk.
Audit Metadata