readme-generator
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts (`scripts/collect-site-metrics.py` and `scripts/validate-readme.py`) to perform structural analysis of the repository and ensure the generated README adheres to best practices. These scripts are limited to the project scope and do not perform network operations.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface as it summarizes repository content to generate project overviews.
  1. Ingestion points: `SKILL.md` Step 1 and Step 5 (reading `mkdocs.yml` and documentation files in `/docs`).
  2. Boundary markers: Absent (no delimiters used when processing external project content).
  3. Capability inventory: Local command execution and file writing.
  4. Sanitization: Absent (the agent directly summarizes the ingested data into the final README output).
Audit Metadata