agents-md-manager
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes data from untrusted local files to generate documentation.
  - Ingestion points: The skill reads from README.md, package.json, project configuration files (e.g., ESLint, Prettier), and project source directories.
  - Boundary markers: No delimiters or "ignore instructions" warnings are used when interpolating file content into the agent's context.
  - Capability inventory: The skill has the ability to read and write to the filesystem through the read, edit, and project_init tools.
  - Sanitization: No evidence of input validation or content filtering was found for the data ingested from project files.
Audit Metadata