crafting-effective-readmes
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [No Code] (SAFE): The skill is comprised entirely of Markdown documentation and templates. There are no executable scripts (Python, JavaScript, Shell, etc.) provided within the skill package.
- [Data Exposure & Exfiltration] (SAFE): No credentials, secrets, or sensitive file paths were detected. Template placeholders for API keys in the internal and configuration templates are purely instructional and do not represent hardcoded secrets.
- [Prompt Injection] (SAFE): The instructions in SKILL.md are well-structured and focused on the intended task of README generation. No attempts to override system prompts, bypass safety filters, or extract instructions were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not define any external package dependencies or perform any remote script downloads or execution.
- [Indirect Prompt Injection] (SAFE): 1. Ingestion points: Reads local project files like package.json and main entry points to verify documentation accuracy. 2. Boundary markers: None defined. 3. Capability inventory: No code, subprocess calls, or network operations exist within the skill. 4. Sanitization: Not applicable as no code is executed. The risk is limited to text generation, making the surface safe.
Audit Metadata