compound-docs
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust documentation process featuring a mandatory validation gate (Step 5) to ensure YAML metadata conforms to a schema via a local script.
- [SAFE]: Filename sanitization rules (Step 4) prevent path traversal and command injection by restricting characters to lowercase alphanumeric and hyphens.
- [SAFE]: Indirect Prompt Injection risk (Category 8) is documented: data enters from conversation context (Step 2), boundary markers are absent, but the impact is mitigated by the restricted toolset (Bash, Write, Grep) and sanitization.
- [SAFE]: All operations are scoped to local directory management for documentation purposes, with no network capabilities detected.
Audit Metadata