Create GitHub README
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it incorporates untrusted data from external websites and existing project files into its generation process.
- Ingestion points: Reads
package.json, existingREADME.md, and content from live demo URLs navigated via Playwright. - Boundary markers: Absent; the skill does not use delimiters to isolate external content from its internal generation logic.
- Capability inventory: Includes file system checks (
ls), browser navigation (Playwright MCP), and repository modification (/github-push). - Sanitization: None; content from the project or external URLs is used directly to populate the README template.
- [Command Execution] (SAFE): Uses a simple
lscommand to check for the existence of an existing README file, which is a benign operation. - [Data Exposure] (SAFE): Accesses standard configuration files and public URLs to generate documentation, which is consistent with the skill's stated purpose.
Audit Metadata