skill-best-practice

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides Python and Bash scripts in the references directory designed to automate the maintenance of the project's README.md file. These scripts perform file modifications and directory traversal, which are legitimate operations for a repository maintenance tool.
  • [DATA_EXPOSURE]: The automation scripts scan the local filesystem to enumerate skill directories and read metadata from SKILL.md files. These operations are limited to the repository scope and are consistent with the skill's intended functionality.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because its automated repair scripts ingest metadata from external files and interpolate it into the project's root README.md file without sanitization.
      • Ingestion points: The repair scripts read the 'description' field from SKILL.md files in subdirectories.
      • Boundary markers: There are no specific delimiters or instructions to ignore embedded commands in the ingested text.
      • Capability inventory: The skill possesses the capability to read local files and overwrite the project's primary README.md documentation.
      • Sanitization: No sanitization or escaping is performed on the ingested metadata before it is written to the filesystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 10:48 PM