docs-from-code
Warn
Audited by Socket on Apr 19, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
Purpose and capabilities mostly align: this is a documentation skill that reads code, generates docs, and optionally opens a PR. The main risks are third-party tool trust (Graphify), hidden dependency scope in the fallback `npm install`, and processing untrusted repositories with exec/write permissions. Overall this is not malware, but it is a medium-risk skill due to supply-chain and untrusted-content handling.
Confidence: 81%
Severity: 56%
Audit Metadata