agentsmd-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill extracts context from repository files (README, CONTRIBUTING, configs), which could contain malicious instructions designed to hijack agent logic. Evidence:
  1. Ingestion points: Phase 1 involves reading multiple local files.
  2. Boundary markers: None; content is read directly into context without delimiters.
  3. Capability inventory: Read, Write, Edit, and specific Bash commands (ls, git, just, make).
  4. Sanitization: None.
- [Command Execution] (SAFE): The manifest restricts Bash tool use to a specific whitelist (ls, git, just, make), mitigating the risk of arbitrary command injection even though instructions mention other tools like 'tree'.
- [Data Exposure & Exfiltration] (SAFE): While the skill scans for configuration templates and repository structure, this behavior is strictly local and consistent with the primary purpose of generating documentation, with no network exfiltration detected.
Audit Metadata