api-docs-generator
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from the project's source code, such as endpoint docstrings and Pydantic model configurations.
  - Ingestion points: The skill analyzes route definitions, handler docstrings, and model schemas during the inventory and audit phases.
  - Boundary markers: No specific delimiters or safety instructions are defined to distinguish processed code data from operational instructions.
  - Capability inventory: The agent relies on standard file system operations to read the project source and write the suggested documentation improvements.
  - Sanitization: The skill does not provide any mechanism to sanitize or validate extracted strings from docstrings or comments before processing them.
- [NO_CODE]: The skill consists entirely of markdown documentation and configuration files with no executable scripts or binaries.
Audit Metadata