readme
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to perform extensive file system exploration, reading project directory structures, configuration files, and database schemas. It also involves writing the final generated documentation to a file in the project root.
- [CREDENTIALS_UNSAFE]: The agent is explicitly instructed to read highly sensitive files, including `config/master.key`, `config/credentials.yml.enc`, and `.env`. While intended to help document configuration requirements, accessing the actual contents of secret keys and encrypted credential files poses a significant risk of accidental data exposure if the agent incorporates the values into the final `README.md` file.
- [PROMPT_INJECTION]: The skill processes untrusted project files to generate documentation, creating a surface for indirect prompt injection where malicious content in the codebase could influence the agent's output.
  - Ingestion points: The agent reads various project files such as `Gemfile`, `package.json`, `.env`, `db/schema.rb`, and `config/routes.rb` to gather project details.
  - Boundary markers: The skill does not define specific delimiters or instructional barriers to prevent the agent from being influenced by instructions embedded within the files it analyzes.
  - Capability inventory: The agent has read access to the local filesystem and the capability to write the `README.md` output file.
  - Sanitization: There is no evidence of sanitization or filtering of the content extracted from the codebase before it is used to generate the final documentation.
Audit Metadata