agents-md
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
findandlscommands to identify local skill configuration files (SKILL.md) within the.claude/skillsandpluginsdirectories. These are read-only discovery operations used to help the agent reference existing tools. - [COMMAND_EXECUTION]: Uses the
ln -scommand to create a symbolic link betweenAGENTS.mdandCLAUDE.md, which is a standard practice for maintaining project-level documentation. - [PROMPT_INJECTION]: The skill processes untrusted local data by reading found
SKILL.mdfiles to generate documentation. While this represents an indirect prompt injection surface where a malicious local file could influence the agent's summary, the risk is considered minimal as it is limited to the local file system and the intended documentation task.
Audit Metadata