skills/ruvnet/claude-flow/doc-gen/Gen Agent Trust Hub

doc-gen

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch the @claude-flow/cli package from the external NPM registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The skill executes the downloaded @claude-flow/cli tool. The package originates from an organization that is not recognized as a trusted vendor, posing a risk of executing unverified code.
  • [COMMAND_EXECUTION]: The skill performs shell commands via npx for scoped documentation generation and utilizes CronCreate to establish persistent, recurring execution of the documentation worker.
  • [PROMPT_INJECTION]: The skill analyzes current project code and existing documentation to detect 'drift'. This behavior introduces a surface for indirect prompt injection if the processed files contain malicious instructions.
      • Ingestion points: Local project source code and markdown documentation files (SKILL.md).
      • Boundary markers: No delimiters or specific safety instructions are provided to the agent for handling untrusted file content during drift detection.
      • Capability inventory: The skill has access to Bash, Write, and specialized worker dispatch tools.
      • Sanitization: No sanitization or validation of the ingested code or documentation is documented.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 13, 2026, 01:23 PM