spec
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of local command-line utilities including
git,grep,ls, andripgrep(rg) to perform codebase discovery and analysis. These are used to inventory files, identify entry points, and trace logic for documentation purposes. - [DATA_EXFILTRATION]: The skill is designed to search for and extract authorization markers, permission roles, and business rules from the source code. While this is performed for the legitimate purpose of documenting 'Permissions & Roles' (Section 7) and 'Business Rules' (Section 4), it demonstrates a high-level capability for sensitive data discovery within a repository.
- [PROMPT_INJECTION]: As an indirect vector, the skill processes untrusted external data in the form of business requirement prompts (in
mode=draft) and existing source code implementation. Malicious instructions embedded in these inputs could potentially influence the agent's output during the documentation generation process. - Ingestion points: The skill reads repository files via
git ls-filesand targetedgrep/rgsearches, as well as user-provided requirement text. - Boundary markers: The skill relies on 'Evidence-Based Reasoning' and 'AI-Implementability Gate' protocols to ensure claims are backed by source code references.
- Capability inventory: The skill utilizes shell search tools and the
spawn_agentcapability to parallelize module analysis. - Sanitization: The skill enforces a 'tech-free' prose requirement for sections 1-7, which serves as a natural filter against technical implementation details leaking into the business documentation.
Audit Metadata