code-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it is designed to analyze and modify source code and comments.
  * Ingestion points: The skill processes content from project source files, test files (.test.ts), and story files (.stories.tsx) as described in references/workflow.md.
  * Boundary markers: No delimiters or specific instructions are provided to help the agent distinguish between code/comments being analyzed and potential instructions embedded within that data.
  * Capability inventory: The skill guides the agent to perform destructive file operations, such as removing specific types of comments and updating TSDoc blocks, based on the analysis of the untrusted input (references/maintenance.md).
  * Sanitization: There is no requirement for input validation or sanitization of the comments before the agent interprets them to perform actions.
Audit Metadata