skills-readme-alignment-maintainer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as intended for documentation maintenance. All file operations are restricted to reading and writing markdown files within the local workspace provided by the user. No unauthorized access or sensitive data leakage was detected.
- [DATA_EXFILTRATION]: No network activity or credential exposure was found. The script processes data locally and does not communicate with external servers.
- [COMMAND_EXECUTION]: The script does not execute external programs or shell commands. It audits command-like strings within text files using safe parsing techniques such as
shlex.splitfor string analysis without execution. - [REMOTE_CODE_EXECUTION]: There are no mechanisms for downloading or executing remote code. The tool uses only the Python standard library.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted local content from README files. 1. Ingestion points:
scripts/readme_alignment_maintainer.pyreadsREADME.mdandSKILL.mdfiles. 2. Boundary markers: No explicit markers are added to the report output. 3. Capability inventory: Local file writing and Markdown/JSON report generation. 4. Sanitization: The logic employs deterministic regex matching for schema enforcement, which mitigates the risk of the agent interpreting processed content as commands.
Audit Metadata