deepinit

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a local Python script located at .agent-skills/deepinit/scripts/validate_agents_hierarchy.py to ensure the integrity of the generated documentation hierarchy. This script is part of the skill package, uses only Python standard libraries, and operates solely on the local filesystem.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and summarizing project files. Ingestion points: recursive file reading as described in Step 3 of SKILL.md. Boundary markers: includes <!-- MANUAL: --> markers to distinguish and preserve user-authored notes. Capability inventory: consists of file-system write access for documentation generation and local execution of the validation script. Sanitization: relies on the agent's summarization logic without explicit input filtering.
  • [SAFE]: The skill implements proactive security measures in references/scope-and-preservation.md by explicitly excluding sensitive directories such as .git, .env, and various runtime state folders (e.g., .omc, .omx, .codex), which prevents the accidental exposure of private configuration or environment metadata in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 02:34 AM
Security Audit — agent-trust-hub — deepinit