doc-architect
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local file system discovery to identify the project's tech stack and architecture by inspecting files like
package.json,composer.json, andpyproject.toml. It creates and modifies documentation files in specific directories such asdocs/plans/and the project root. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it reads and processes untrusted project documentation (e.g.,
README.md,PROJECT_BRIEF.md) to populate templates. - Ingestion points: Project identification files (
README.md,PROJECT_BRIEF.md,package.json) inSKILL.md(SOP Step 1). - Boundary markers: Absent.
- Capability inventory: Local file system read and write.
- Sanitization: No explicit sanitization or filtering of ingested file content is defined.
Audit Metadata