github-repository-standards
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package is composed exclusively of Markdown documentation and instructional templates. It does not include scripts, binaries, or other executable components.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by instructing the agent to scan and process untrusted repository structures and file content to generate audits and documentation.
  1. Ingestion points: Scanning of repository root directories and file contents as described in SKILL.md (Mode 1 and Mode 2).
  2. Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore embedded instructions in the scanned files.
  3. Capability inventory: The skill's capabilities are limited to generating text-based relocation plans, configuration overrides, and README documentation; no autonomous file system or network operations are present.
  4. Sanitization: There is no requirement or method specified for sanitizing or validating the ingested repository data.