document-code
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill workflow includes the command `npx ai-devkit@latest`, which fetches and executes code from the npm registry at runtime. Running unversioned packages introduces a dependency on the security of the public registry and the package maintainer.
- [COMMAND_EXECUTION]: The skill executes shell commands using `npx` to perform memory searches and validate entry points during the documentation process.
- [EXTERNAL_DOWNLOADS]: Generated HTML documentation includes a reference to `https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js`, which is an external script dependency from a well-known CDN used to render diagrams.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes arbitrary code provided by users.
  - Ingestion points: The skill reads file content, function signatures, and directory structures from user-specified entry points in the `Collect Source Context` step.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when the agent processes the source code content.
  - Capability inventory: The agent has the capability to execute shell commands (`npx`) and write files to the local environment (docs/ai/implementation/).
  - Sanitization: The skill does not validate or sanitize the ingested source code for malicious instructions before analysis.
Audit Metadata