reference-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function of reading source code to generate documentation creates an indirect prompt injection surface.
- Ingestion points: Technical specifications are derived from implementation code, tests, and schemas using the Read, Grep, and Glob tools.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts within the source artifacts being analyzed.
- Capability inventory: The skill uses the Write tool to output generated documentation based on the processed content.
- Sanitization: The workflow does not include a step to validate or sanitize extracted content before it is incorporated into the final documentation.
Audit Metadata