project-metadata
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The skill operates purely as a set of instructions for the agent to update project documentation.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface exists as the skill reads untrusted file names from the project directories. 1. Ingestion points: skills/ and .agent/skills/ directories. 2. Boundary markers: Absent. 3. Capability inventory: Reading directory names and updating README.md. 4. Sanitization: Absent. This is considered low risk and inherent to the skill's primary function.
Audit Metadata