doc-gen
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its stated function of documentation generation using local file access. No malicious patterns, data exfiltration, or obfuscation were detected.
- [PROMPT_INJECTION]: The skill processes untrusted content from the local project (source code, READMEs) and has file-write capabilities. While this presents a theoretical attack surface for indirect prompt injection, the instructions are strictly scoped to documentation formatting and semantic extraction, posing minimal risk.
- Ingestion points: Local source files, CLAUDE.md, and directory contents.
- Boundary markers: Absent.
- Capability inventory: File-write (modifying source files and creating docs/api/ entries) and shell command execution (running typecheck utilities).
- Sanitization: Absent.
Audit Metadata