agents-md-generator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading and summarizing untrusted repository content.\n
- Ingestion points: Source files and documentation read via ripgrep, sed, and grep as defined in
read_only_commands.md.\n - Boundary markers: The skill does not use explicit boundary markers or safety instructions when processing untrusted file content.\n
- Capability inventory: The skill is authorized to generate markdown documentation and execute arbitrary type-check commands found in the project configuration.\n
- Sanitization: Employs a line-reading budget (maximum 1600 lines) and skips import blocks, which reduces but does not eliminate the risk of processing malicious instructions embedded in code.\n- [COMMAND_EXECUTION]: The skill instructs the agent to identify and run type-verification commands (e.g.,
tsc,go vet,cargo check) found in the repository's build configuration. This creates a risk where a compromised repository could trigger the execution of malicious scripts through these build tools.
Audit Metadata