agents-md-generator

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a provided Python script (scripts/scaffold_agents_md.py) to analyze the repository. This script uses the subprocess module to run git rev-parse --show-toplevel for determining the repository root path.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted repository files and includes their contents in its output.
      ◦ Ingestion points: The script reads and parses content from local repository files, including package.json scripts and GitHub Actions workflows (.github/workflows/).
      ◦ Boundary markers: The generated Markdown documentation does not include explicit delimiters or warnings to isolate untrusted content from the agent's instructions.
      ◦ Capability inventory: The skill is designed to write files to the disk and suggest executable commands (e.g., install, test, build) for the agent to use.
      ◦ Sanitization: The tool extracts string values directly from the source configuration files and interpolates them into templates without sanitization or validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 11:49 AM