skills/oscabriel/skills/docs-to-types/Gen Agent Trust Hub

docs-to-types

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from project documentation files, including CONTEXT.md, ADRs, and grill-with-docs notes. This creates a surface for indirect prompt injection. However, the risk is minimized because the skill instructs the agent to propose changes for user approval before implementation and specifically prohibits the generation of business behavior or persistence logic.
      • Ingestion points: CONTEXT.md, AGENTS.md, CONTEXT-MAP.md, docs/adr/*, and grill-with-docs output.
      • Boundary markers: None explicitly defined for the external documentation content.
      • Capability inventory: File writing (codifying architecture) and execution of local shell commands (linting, type-checking).
      • Sanitization: None; the skill relies on the agent's interpretation and user review checkpoints.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform local validation using standard development tools such as typecheck and lint. These operations are conducted within the local environment to ensure the integrity of the generated architectural code and do not involve remote command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 07:29 PM