skills/buiducnhat/co-drew/docs/Gen Agent Trust Hub

docs

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for documentation management and performs only local file system operations (read and write) and local git queries. It does not include network access, external downloads, or suspicious command execution.
  • [COMMAND_EXECUTION]: The skill uses git log --oneline -20 to identify recent changes for documentation updates. This is a benign, read-only operation limited to the local repository metadata.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from the repository to generate content.
  • Ingestion points: The skill reads README.md, configuration files (package.json, Cargo.toml), and source code files from the project directory (SKILL.md).
  • Boundary markers: Absent; there are no explicit instructions for the agent to distinguish between documentation data and potential instructions embedded in the code.
  • Capability inventory: The skill is capable of writing to the docs/ directory and modifying the README.md file (SKILL.md).
  • Sanitization: Absent; content extracted from the codebase is processed and written to documentation without explicit sanitization or validation steps.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:23 AM
Security Audit — agent-trust-hub — docs