ln-112-project-core-creator
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill analyzes local project metadata, such as
package.jsonand.env.example, to extract project descriptions, dependencies, and external system definitions. This data is used exclusively to populate documentation templates and is not transmitted to external entities. - [PROMPT_INJECTION]: As the skill ingests potentially untrusted data like
PROJECT_DESCRIPTIONand file paths from the source tree, it theoretically possesses a surface for indirect prompt injection. However, the risk is mitigated by a rigorous self-validation phase that enforces structural and semantic compliance against predefined documentation contracts and quality rules. - [COMMAND_EXECUTION]: The skill uses specific search patterns (e.g., searching for keywords like 'Queue' or 'Redis') to detect architectural patterns. These are standard information-gathering operations used for project analysis and are not subject to user-controlled argument injection.
Audit Metadata