agent-md-refactor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection (Category 8) due to its data ingestion surface.
- Ingestion points: Reads and processes user-provided instruction files such as AGENTS.md and CLAUDE.md.
- Boundary markers: Absent; the skill does not use delimiters or explicit warnings to isolate untrusted content from the agent's own instructions.
- Capability inventory: The agent performs file system operations, including reading existing files and writing new directory structures and markdown files.
- Sanitization: Absent; the skill does not include mechanisms to validate or filter instructions found within the processed files.
Audit Metadata