token-docs
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional and contains markdown templates for documenting UI components. No evidence of prompt injection, data exfiltration, or malicious command execution was found.
- [INDIRECT_PROMPT_INJECTION]: The skill includes an automation script (`generate-docs.ts`) that processes external data from a `tokens.json` file. While this represents a surface for indirect prompt injection if the source data is compromised, the risk is minimal and consistent with the skill's primary purpose of generating static documentation.
  - Ingestion points: `tokens.json` is read by the script.
  - Boundary markers: None present in the generated output files.
  - Capability inventory: The script uses `fs.readFileSync` and `fs.writeFileSync` for local file operations.
  - Sanitization: No explicit sanitization of JSON values is performed before interpolation into markdown.
Audit Metadata