readme-improvement
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to malicious instructions embedded within the project files it is instructed to analyze.
  - Ingestion points: PHASE 1A and 1B require the agent to perform 'discovery searches for all project files' and 'systematic file analysis' across the entire repository.
  - Boundary markers: The instructions contain no delimiters or 'ignore instructions' warnings, meaning the agent may treat strings or comments in the code as authoritative commands.
  - Capability inventory: The skill is granted 'Bash', 'Write', and 'Edit' tools, providing a high-privilege execution surface if subverted.
  - Sanitization: There is no evidence of filtering or verification of the content read from files before the agent processes it for the README plan.
- [Command Execution] (MEDIUM): The skill utilizes the 'Bash' tool for discovery and mapping. While intended for benign documentation purposes, this tool provides a vector for high-impact actions if the agent is manipulated via an indirect prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata