readme-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the local project environment to generate documentation, which could be exploited if source files contain hidden instructions.
  - Ingestion points: SKILL.md Step 1 specifies gathering information from manifest files (package.json, pyproject.toml) and scanning project source files.
  - Boundary markers: No specific delimiters or boundary markers are defined to separate untrusted project content from the agent's generation instructions.
  - Capability inventory: The skill is designed for documentation generation; while it does not directly call execution tools, the output is intended for user-facing README files.
  - Sanitization: There is no evidence of sanitization or filtering applied to the content extracted from the project's source files.