code-to-catalog

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes npx @eventcatalog/create-eventcatalog@latest to bootstrap new documentation projects during the final handoff phase. This is a standard operation for the vendor's tooling.
  • [SAFE]: The skill scans the local directory for infrastructure indicators, including database connection strings (e.g., postgres://, redis://) and environment variable patterns (e.g., DATABASE_URL, REDIS_URL). This data is used solely to populate the local architectural model and is not transmitted externally.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted codebase content:
      • Ingestion points: Phase 2 (Discovery Scan) reads source code, manifest files, and documentation from the local repository.
      • Boundary markers: The skill does not define explicit boundary markers or 'ignore' instructions for the data it reads from the filesystem.
      • Capability inventory: The agent has the capability to write a local plan file (.catalog-plan.md) and execute shell commands via the handoff to the catalog-documentation-creator skill.
      • Sanitization: No explicit sanitization of the ingested code content is performed before the LLM analyzes it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 26, 2026, 12:51 PM