repo-context-scan
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to autonomously write and update documentation files including CONTEXT.md, CONTEXT-MAP.md, and Architecture Decision Records (ADRs) within the docs/adr/ directory based on codebase analysis.
- [PROMPT_INJECTION]: The skill facilitates the processing of codebase artifacts (source code, tests, schemas), which serves as an ingestion point for untrusted data. Although this presents an attack surface for indirect prompt injection, it is the primary intended function of the tool.
- Ingestion points: SKILL.md identifies primary source directories, database schemas, API definitions, event names, test descriptions, and README files.
- Boundary markers: No explicit boundary markers or 'ignore' instructions are defined for the data ingestion process.
- Capability inventory: The agent maintains the capability to write and update files in the repository as part of the documentation generation process.
- Sanitization: No explicit sanitization or validation steps are outlined for the content extracted from the code.
Audit Metadata