api-documentation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because its core functionality involves the agent reading and processing external, potentially untrusted sources (e.g., codebases, endpoint references, or documentation URLs provided by users) to generate structured documentation.
- Ingestion points: The skill instructions and README describe an analysis phase where the agent evaluates the project codebase and fetches content from external document references (such as Lark/Wiki URLs).
- Boundary markers: Absent; there are no specified delimiters or instructions for the agent to disregard potential instructions embedded within the source documentation or code being analyzed.
- Capability inventory: The skill is authorized to perform extensive file system writes to create the docs/api/ directory and its associated files.
- Sanitization: Absent; the skill does not include instructions to sanitize, escape, or validate the content extracted from external sources before it is used to generate documentation artifacts.
Audit Metadata