readme-maintainer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill triggers the execution of a local script located at '~/.codex/skills/readme-maintainer/scripts/readme_facts.py'. While the script is part of the skill's distribution, this involves shell command execution within the agent's environment.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes arbitrary files from the user's repository. Ingestion points: Files scanned by readme_facts.py and written to /tmp/readme-facts.json. Boundary markers: None identified; the instructions treat the output as a trusted 'source of truth'. Capability inventory: Ability to modify the README.md file in the local filesystem. Sanitization: No explicit sanitization or filtering of the ingested content is performed before it is used to generate the final README document.
Audit Metadata