writing-agents-md
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it analyzes untrusted local files to generate instructions for AI agents.
- Ingestion points: Steps 0-4 of the Analysis Phase involve reading various project files, including README.md, configuration files, and source code entry points.
- Boundary markers: The output is organized into markdown sections, but there is no specific mechanism mentioned for neutralizing or escaping potentially malicious instructions embedded in the analyzed content.
- Capability inventory: The skill performs file system reads and writes (AGENTS.md, CLAUDE.md, etc.) but does not execute external code or commands during analysis.
- Sanitization: No specific sanitization or filtering of extracted text strings is defined, though the instructions mandate terse language and minimal prose.
- [SAFE]: The skill includes robust constraints against data exposure. It explicitly forbids reading .env files, API keys, and other secrets, restricting analysis to template files like .env.example and substituting sensitive values with placeholders.
- [SAFE]: The execution logic prohibits the agent from browsing the web or calling external systems unless explicitly requested by the user.
- [SAFE]: Non-destructive analysis is enforced; the skill explicitly forbids running commands like database resets or deployments as part of its verification steps.
- [SAFE]: A mandatory user review and approval step is required before any file modifications are performed on the disk.
Audit Metadata