readme-maintainer

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)

Full Analysis
  • [DATA_EXFILTRATION]: The bundled script scripts/readme_facts.py reads and processes the contents of various files within the repository, including sensitive environment files (e.g., .env). While the script's intended purpose is to identify service names (like 'Stripe' or 'OpenAI') to assist in documentation, it does access the contents of these files. No external network transmission was detected in the script logic.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from the repository being analyzed, including source code and a configuration file named .readme-maintainer-services.json. Malicious content within these files could influence the agent's behavior or output.
    • Ingestion points: Repository files scanned by scripts/readme_facts.py and configuration data loaded from .readme-maintainer-services.json.
    • Boundary markers: Absent. The agent is instructed to treat the script output as a 'source of truth' without explicit safety boundaries for the generated content.
    • Capability inventory: The skill possesses file-reading capabilities via the Python script and file-writing capabilities as it is designed to update the repository's README.md.
    • Sanitization: Absent. There is no evidence of sanitization or filtering of the content extracted from the repository files before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill functionality relies on the execution of a bundled Python script (scripts/readme_facts.py) via the command line to gather project metadata. This is the intended mechanism for the skill's functionality.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 07:06 AM