make-documentation

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is documentation management. It follows best practices by providing structured guides and a deterministic audit script to verify project state before writing.
  • [COMMAND_EXECUTION]: The skill invokes a local Python script scripts/audit_documentation.py. Analysis of this script confirms it only uses Python standard libraries (argparse, json, re, pathlib) to perform file system inventories and text parsing. It does not execute arbitrary shell commands or external binaries.
  • [DATA_EXFILTRATION]: No network operations or credential harvesting patterns were detected. The skill explicitly instructs the agent to avoid including secrets or raw tokens in documentation (e.g., in references/guide-access-runbook.md).
  • [PROMPT_INJECTION]: No malicious prompt injection or behavior override patterns were found. The instructions are focused on maintaining documentation quality and source-backed accuracy.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads user-controlled files like Markdown and Jupyter Notebooks to generate documentation. While this presents a theoretical attack surface, the instructions emphasize verifying facts against code/config and maintain strict documentation templates, which mitigates the risk of obeying embedded instructions. Given this is the primary purpose of a documentation tool, the risk is minimal.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:15 PM