agents-md-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Target repository contents explored via 'bash_tool' and 'view'.
  - Boundary markers: None present; the agent treats repository data as an instruction source for generating documentation.
  - Capability inventory: 'bash_tool' (arbitrary command execution), 'create_file' (file creation), and 'str_replace' (file modification).
  - Sanitization: None; the skill does not filter or escape content read from the repository before processing it.
- COMMAND_EXECUTION (MEDIUM): The inclusion of 'bash_tool' provides a powerful execution environment. Because the skill analyzes untrusted files from a repository, an attacker who successfully injects instructions into the agent through malicious file content can leverage this capability to execute arbitrary shell commands.
Recommendations
- AI detected serious security threats
Audit Metadata