docs-init
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as data exfiltration, obfuscation, or unauthorized access, were detected. The skill is focused on its primary purpose of generating project documentation.
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (
!commandsyntax) inSKILL.mdto automatically identify project characteristics (e.g., project name, technology stack, and directory structure). These commands are restricted to local discovery operations (such asfind,git, andhead) and are used appropriately for project initialization. - [PROMPT_INJECTION]: The skill implements a workflow that reads content from the user's codebase to populate templates. While this creates a surface for indirect prompt injection, the skill includes explicit 'Anti-Hallucination Guidelines' and verification phases to ensure the agent only documents verified codebase components, effectively managing the inherent risks of processing external data.
Audit Metadata