codegen-doc

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill consists entirely of Markdown files and prompt templates. No scripts, binaries, or automated tasks are included.
  • [SAFE]: No network communication or data exfiltration mechanisms were found. The skill processes local project data strictly for documentation purposes.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and summarize codebase contents (including code comments) and user-provided outlines. This is assessed as safe because the skill lacks executable capabilities or network access. Evidence:
      1. Ingestion points: Project repository files (README, source code, TODOs) and user-provided templates.
      2. Boundary markers: Absent; project content is processed without delimiters.
      3. Capability inventory: None; the skill is limited to text generation.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:59 AM