agent-md-refactor
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads from existing, potentially untrusted instruction files like CLAUDE.md or AGENTS.md to perform its tasks. Mandatory Evidence: 1. Ingestion points: Reads instructions from local documentation files. 2. Boundary markers: No delimiters or ignore-instructions warnings are used during input processing. 3. Capability inventory: Restricted to reading and writing Markdown files; no subprocess, network, or eval/exec capabilities. 4. Sanitization: No sanitization or escaping of the ingested file content is performed. The impact is low because the skill does not execute the content it processes.
- [SAFE] (SAFE): No evidence of credential exposure, unauthorized external downloads, or persistence mechanisms was found in the provided files.
Audit Metadata