aiready-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for AI agents to run several CLI tools using npx. These include commands like 'npx @aiready/cli scan .', 'npx @aiready/pattern-detect', and 'npx @aiready/agent-grounding' to perform codebase analysis.- [EXTERNAL_DOWNLOADS]: Installation instructions and npx command usage trigger the download of external packages from the NPM registry. These packages (@aiready/*) are the primary tools associated with the skill's functionality.- [PROMPT_INJECTION]: The skill's workflow involves tools that ingest and process local codebase files, which creates an indirect prompt injection surface.
- Ingestion points: Local source code, READMEs, and configuration files within the directory where the scan is executed.
- Boundary markers: No explicit delimiters or instructions to ignore embedded prompts in scanned content are specified in the instructions.
- Capability inventory: The skill enables command execution and network access for package retrieval via npx.
- Sanitization: There is no evidence of sanitization or validation of the scanned file contents before they are processed by the agent-facing tools.
Audit Metadata