api-docs
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing external source code.
- Ingestion points: Scans files at the user-specified `<source-path>` to extract JSDoc and exports.
- Boundary markers: The skill does not use specific delimiters or instructions to treat the ingested code content as data only.
- Capability inventory: Includes the ability to write files, execute bash commands via npx, and dispatch worker hooks via MCP.
- Sanitization: There is no evidence of filtering or escaping logic applied to the extracted code comments before they are interpreted by the agent.
Audit Metadata