update-readme
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from the local repository that may be influenced by external contributors.
- Ingestion points: Data is ingested from
README.md,CHANGELOG.md, and git commit history (viagit log) inSKILL.md. - Boundary markers: The sub-agent prompts (Agent A and Agent C) do not include explicit delimiters or instructions to ignore embedded commands within the ingested text.
- Capability inventory: The skill has broad capabilities including file reading (
Read), file writing (Write,Edit), and shell command execution (Task). - Sanitization: There is no evidence of sanitization or filtering of the repository content before it is processed by the LLM sub-agents.
- [COMMAND_EXECUTION]: The skill utilizes the
Tasktool to execute shell commands for analyzing repository history. - Evidence: In
SKILL.md, Step 3 (Agent C) executesgit logcommands to determine when the README was last updated and to extract commit messages since that date.
Audit Metadata