docs-writing

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely within the user's project environment to generate documentation. It uses standard tools like Grep, Glob, and Bash to inspect the codebase and write markdown artifacts.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and summarize untrusted data from a codebase.
  • Ingestion points: agents/scanner-agent.md and agents/concept-extractor-agent.md read source code and configuration files from the local project.
  • Boundary markers: The agent prompts do not currently specify the use of delimiters or 'ignore' instructions when reading codebase content.
  • Capability inventory: The orchestrator can execute Bash commands via the allowed-tools to write documentation files and check git history.
  • Sanitization: Content read from the codebase is not explicitly sanitized, but the skill implements a multi-agent review cycle with a critic-agent to verify documentation quality and accuracy before final delivery.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — docs-writing