backend-docs
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads project rules and implementation details from the codebase which could contain adversarial instructions. Ingestion occurs during discovery steps in SKILL.md and references/discovery-workflow.md. The agent's output is constrained by specific markdown templates provided in the skill folder.
- [DATA_EXFILTRATION]: The skill is instructed to audit PII and secret handling within the project (documented in references/backend-quality-lenses.md). This behavior is intended for security assessment, and instructions explicitly mandate referencing file paths rather than duplicating sensitive content.
- [COMMAND_EXECUTION]: The workflow allows the execution of local validation commands for documentation formatting and markdown linting if they are present in the project environment.
- [SAFE]: The skill references well-known and trusted external documentation resources, including diataxis.fr, arc42.org, and c4model.com, for technical guidance.
Audit Metadata