krt-docs-chronicler
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to reconcile project documentation with current repository state. It does not perform network operations, execute arbitrary code, or access sensitive user credentials.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and reputable documentation standards (such as Diataxis, Google Developer Documentation Style Guide, and Architectural Decision Records) as foundational source literature. These references are purely informative for the agent and do not involve automated downloads, external script execution, or remote dependencies.
- [DATA_EXFILTRATION]: While the skill reads repository content (files, configurations, and git diffs), it lacks any network capabilities or exfiltration patterns. Data remains within the local environment for the purpose of generating documentation updates.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies a workflow where it ingests untrusted repository content (Step 3) to update documentation. This creates a surface where malicious instructions could be embedded in codebase comments or data, though the risk is minimized by the skill's limited capability to only write Markdown files.
- Ingestion points:
SKILL.md(Step 3) reads repo files, commands, scripts, config, manifests, tests, and examples. - Boundary markers: None explicitly specified for separating ingested content from instructions.
- Capability inventory: The skill is authorized to update/create markdown files (README, ADRs, CHANGELOG, etc.).
- Sanitization: No specific sanitization or filtering of repo data is mentioned.
Audit Metadata