Skills
skills/event-catalog/skills/catalog-documentation-creator/Gen Agent Trust Hub

catalog-documentation-creator

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute npx @eventcatalog/create-eventcatalog@latest to initialize new documentation projects. This utilizes the official scaffolding tool provided by the vendor.
  • [PROMPT_INJECTION]: The skill analyzes user-provided codebases to extract information for documentation, creating an indirect prompt injection surface where untrusted content in the source code could attempt to influence the agent's output.
  • Ingestion points: User-provided codebases analyzed during the documentation process (SKILL.md, Step 2).
  • Boundary markers: None mentioned.
  • Capability inventory: Shell execution via npx and file system read/write operations for documentation management (SKILL.md).
  • Sanitization: Not specified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 12:51 PM
Security Audit — agent-trust-hub — catalog-documentation-creator