gm-agent-docs

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, unauthorized network operations, or persistence mechanisms were detected.
  • [SAFE]: The skill features human-in-the-loop validation, requiring the user to review the analysis summary and the final document content before files are written to the filesystem.
  • [SAFE]: The instructions explicitly forbid the inclusion of sensitive information such as API keys, passwords, or secrets in the generated documentation.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted project metadata (e.g., scripts from package.json) to generate instructions. This is mitigated by the following controls:
      • Ingestion points: Project configuration files (package.json, Makefile, pyproject.toml, etc.) and file structure.
      • Boundary markers: Analysis summaries and draft content are presented to the user for confirmation.
      • Capability inventory: File system reading (scanning project root) and file system writing (creating MD files).
      • Sanitization: Prohibits sensitive credential output and uses user review to prevent malicious command propagation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 02:05 PM