llms-txt

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and summarize content from external live websites to populate documentation files.
      • Ingestion points: Website content is fetched from live URLs during Phase 2 (Brand Context) and Phase 4 (Full Documentation generation) as described in SKILL.md.
      • Boundary markers: The skill does not define specific boundary markers or instructions to the agent to isolate or ignore embedded commands within the fetched external content.
      • Capability inventory: The skill uses file-system write capabilities to save generated markdown files to the project's public or root directories.
      • Sanitization: The instructions recommend stripping HTML tags during conversion to markdown to ensure clean formatting, but they do not specify semantic validation or filtering of the content to prevent the ingestion of malicious instructions.
  • [SAFE]: The skill's primary operations involve standard project analysis, such as reading package.json and directory structures, and documentation generation, which are appropriate for its stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 09:23 AM