docs-from-code

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install 'graphifyy' via pip. This package name varies slightly from the 'graphify' project referenced in the documentation, which is a common indicator of a potential typosquatting risk. It also installs several Node.js dependencies for its fallback extraction scripts.
  • [COMMAND_EXECUTION]: The skill relies on a significant range of shell commands to operate, including installing packages with pip and npm, executing the graphify CLI, and performing Git operations and GitHub CLI (gh) tasks like creating branches and Pull Requests.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests untrusted content from the codebase it is documenting.
    • Ingestion points: The skill reads all source files in the project directory using graphify or local fallback scripts (scripts/extract_py.py, scripts/extract_ts.ts).
    • Boundary markers: The agent is instructed to avoid inventing code, to use [Description needed] for missing information, and to distinguish between EXTRACTED and INFERRED data points.
    • Capability inventory: The agent can write to the local filesystem (e.g., creating README.md and docs/API.md) and interact with remote repositories through Git and the GitHub CLI.
    • Sanitization: Extracted docstrings and comments are interpolated into markdown templates without evidence of explicit sanitization or escaping of potentially malicious instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 03:08 PM