write-docblocks
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes legitimate local project tools (composer and pint) to perform its stated purpose of documentation management and code styling.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it instructs subagents to read and process the contents of project files which may be untrusted.
  - Ingestion points: Source code files read by the phpdoc-writer subagents.
  - Boundary markers: Absent in the subagent prompt template.
  - Capability inventory: Execution of local shell commands (composer and pint).
  - Sanitization: No sanitization is performed on the file content before processing.

  This risk is considered acceptable as it is intrinsic to the skill's primary task of code documentation.
Audit Metadata