deepinit
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script located at
.agent-skills/deepinit/scripts/validate_agents_hierarchy.pyto ensure the integrity of the generated documentation hierarchy. This script is part of the skill package, uses only Python standard libraries, and operates solely on the local filesystem. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and summarizing project files. Ingestion points: recursive file reading as described in Step 3 of
SKILL.md. Boundary markers: includes<!-- MANUAL: -->markers to distinguish and preserve user-authored notes. Capability inventory: consists of file-system write access for documentation generation and local execution of the validation script. Sanitization: relies on the agent's summarization logic without explicit input filtering. - [SAFE]: The skill implements proactive security measures in
references/scope-and-preservation.mdby explicitly excluding sensitive directories such as.git,.env, and various runtime state folders (e.g.,.omc,.omx,.codex), which prevents the accidental exposure of private configuration or environment metadata in the documentation.
Audit Metadata