skrapi
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to read local project files (such as package.json, tsconfig.json, and framework configs) and generate documentation locally. It does not perform any unauthorized network operations or exfiltrate data.
- [COMMAND_EXECUTION]: The skill instructs the agent to create folders and write Markdown files within the user's project directory or a user-specified path. This behavior is consistent with its stated purpose as a documentation generator and does not involve high-risk command execution like privilege escalation.
- [PROMPT_INJECTION]: The instructions in SKILL.md provide a clear, step-by-step workflow for analysis and reporting. There are no attempts to bypass safety guidelines, override agent behavior, or extract system prompts.
- [EXTERNAL_DOWNLOADS]: The skill suggests using a web search if information about unfamiliar frameworks (like Lynx JS) is required, which is a standard agent capability. No suspicious remote code downloads or 'curl | bash' patterns were identified.
- [DATA_EXFILTRATION]: While the skill reads sensitive local configuration files to understand the project stack, it does not contain instructions to transmit this information to any external or untrusted domains. Findings are stored in local Markdown files for user review.
Audit Metadata