reverse-document
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill facilitates documentation generation by analyzing local files, which is a legitimate use case. It includes mandatory human-in-the-loop checkpoints where the agent must present findings and request approval before writing to the filesystem.
- [PROMPT_INJECTION]: Analysis of Category 8 (Indirect Prompt Injection) indicates a potential attack surface as the skill reads and processes untrusted local files (source code and prototypes). This risk is mitigated by mandatory user clarification and approval steps before any documentation is drafted or written to disk.
  - Ingestion points: Phase 2 reads file content from user-specified paths using the Read, Glob, and Grep tools.
  - Boundary markers: Absent from instructions.
  - Capability inventory: Includes access to Write, Edit, and Bash tools.
  - Sanitization: No explicit sanitization of ingested code content is specified.
Audit Metadata