docs-writing
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely within the user's project environment to generate documentation. It uses standard tools like Grep, Glob, and Bash to inspect the codebase and write markdown artifacts.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and summarize untrusted data from a codebase.
- Ingestion points:
agents/scanner-agent.mdandagents/concept-extractor-agent.mdread source code and configuration files from the local project. - Boundary markers: The agent prompts do not currently specify the use of delimiters or 'ignore' instructions when reading codebase content.
- Capability inventory: The orchestrator can execute Bash commands via the
allowed-toolsto write documentation files and check git history. - Sanitization: Content read from the codebase is not explicitly sanitized, but the skill implements a multi-agent review cycle with a
critic-agentto verify documentation quality and accuracy before final delivery.
Audit Metadata