project-docs-setup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- NO_CODE (SAFE): The skill files are exclusively documentation templates. There are no shell scripts, Python/Node.js code, or binary executables within the skill package. This significantly reduces the attack surface for most threat categories.
- PROMPT_INJECTION (SAFE): While the templates contain instructional language for an AI agent (e.g., "Mandatory requirement: all code development must follow TDD"), these are legitimate task-specific constraints and do not attempt to bypass LLM safety filters or disregard system instructions.
- DATA_EXFILTRATION (SAFE): No network operations (curl, wget, etc.) or access to sensitive file paths were found. The templates use placeholders for documentation but do not hardcode secrets.
- INDIRECT_PROMPT_INJECTION (SAFE): Although the templates define placeholders (e.g., {USER_STORIES}, {PROJECT_NAME}) which are interpolation surfaces for external data, the skill does not include any logic for data ingestion or command execution. The surface is strictly for static documentation generation.
Audit Metadata