candango-discover
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is documentation-centric, providing templates and instructional guidelines for project planning. It does not contain executable code, shell scripts, or external network requests.\n- [PROMPT_INJECTION]: The skill ingests user-provided feature requirements and plans to generate documentation. While it acts as a data processing surface, the risk is negligible as it only outputs text-based markdown files to the local documentation directory.\n
- Ingestion points: User-provided feature plans and requirements as specified in
SKILL.md.\n - Boundary markers: No explicit markers or instructions to ignore embedded instructions are present.\n
- Capability inventory: The skill defines write operations for documentation files in
docs/features/anddocs/adr/.\n - Sanitization: No input sanitization is performed, but the output is restricted to documentation content without execution capabilities.
Audit Metadata