matlab-document-toolbox

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to automate the generation of documentation artifacts (README, GettingStarted.m, functionSignatures.json). All logic is consistent with this stated goal and follows official vendor guidelines.
  • [SAFE]: Implements a critical security checkpoint in Step 3 that requires the user to review and approve the documentation plan before any files are written or project settings are modified.
  • [COMMAND_EXECUTION]: The skill utilizes the MATLAB environment to perform project management tasks, such as openProject and validateFunctionSignaturesJSON. These operations are standard for MATLAB toolbox development and are executed within the context of the user's local project.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the user's MATLAB project files.
      • Ingestion points: Extracts metadata and function signatures from .m source files in Step 2.
      • Boundary markers: No explicit boundary markers or isolation instructions are used when processing the extracted text.
      • Capability inventory: Access to evaluate_matlab_code (manifest.yaml), file creation/modification, and project integration tools.
      • Sanitization: No explicit sanitization of extracted H1 lines or arguments blocks is performed before interpolation into documentation templates.
      • Mitigation: This surface is mitigated by the mandatory user confirmation step which allows for manual inspection of generated content before it is finalized.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 09:26 AM