documentation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Ingestion points: The skill processes user-provided source code, API definitions, and text to generate documentation (SKILL.md). Boundary markers: The instructions do not specify the use of delimiters or ignore instructions when handling the input code or text. Capability inventory: The skill's output is intended to be used by an agent to modify files (e.g., writing READMEs or updating docstrings). Sanitization: There is no logic provided to sanitize input or prevent the agent from obeying instructions embedded in code comments within the data being documented.
Audit Metadata