readme-updater
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's core function is to ingest untrusted data from the project environment and use it to modify the README.md.
  - Ingestion points: Processes arbitrary project files including source code, dependency manifests (package.json), and configuration files (docker-compose.yml, .env.example) via Read and Grep tools.
  - Boundary markers: Absent. The skill lacks instructions on how to isolate data from instructions when processing external file content.
  - Capability inventory: Possesses Write and Edit tools, which are used to modify the filesystem based on the analysis of untrusted inputs.
  - Sanitization: None detected. There is no mechanism to escape or validate the content extracted from project files before it is processed by the agent.
- Data Exposure (LOW): The skill is designed to read configuration templates like .env.example. There is a minor risk that if a user accidentally points the tool at a live .env file, the agent may expose sensitive secrets by 'documenting' them into the public README.md file.
Recommendations
- AI detected serious security threats