lcs-onboarding
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to scan the project repository to identify technology stacks, entry points, and setup instructions for the purpose of generating documentation.
- [DATA_EXFILTRATION]: The skill scans for environment variables and configuration options to document the project's requirements. It does not attempt to read sensitive credential values or transmit any data to external servers.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted repository content.
- Ingestion points: Scans repository configuration files (e.g., package.json, requirements.txt) and README files as described in
SKILL.md. - Boundary markers: Absent.
- Capability inventory: Limited to scanning the repository and writing markdown reports to the local
.lcs/work-items/directory. - Sanitization: No explicit sanitization or filtering of external content before interpolation into documentation templates is mentioned.
Audit Metadata