maintain-project-readme
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted project files to audit and update documentation, which could be manipulated to influence agent behavior.
- Ingestion points: The script scripts/maintain_project_readme.py reads project configuration files (pyproject.toml, package.json, Cargo.toml, Package.swift) and the existing README.md file.
- Boundary markers: Absent. No explicit delimiters or instructions are used to isolate content from these untrusted files when they are processed by the agent.
- Capability inventory: The script scripts/maintain_project_readme.py has the capability to write to files (specifically the target README.md).
- Sanitization: Absent. The content from untrusted files is parsed using regular expressions and incorporated into the output without validation or escaping.
- [DATA_EXFILTRATION]: Arbitrary File Access Surface. The maintenance script accepts an optional --readme-path argument and performs file read and write operations on it. Since the script does not verify that the path is within the project root or is a Markdown file, it could be used to read or overwrite sensitive system files if the agent is misdirected.
- [DATA_EXFILTRATION]: Local Environment Information Leak. The skill's documentation and scripts contain hardcoded absolute paths (e.g., /Users/galew/Workspace/agent-plugin-skills) which expose the author's local username and directory structure.
Audit Metadata