isitagentready
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess.run to execute git for repository discovery and runs its own Python scripts (create_report_packet.py, scan_site.py) to automate report generation and site scanning.
- [EXTERNAL_DOWNLOADS]: The scripts/scan_site.py utility makes an outbound HTTP POST request to isitagentready.com to retrieve audit data for a production URL.
- [DATA_EXFILTRATION]: The skill transmits the user-provided production URL to the external isitagentready.com API as part of its core scanning functionality.
- [PROMPT_INJECTION]: The skill reads untrusted repository data, which creates a surface for indirect prompt injection.
  - Ingestion points: Local repository files such as robots.txt and .well-known discovery documents (referenced in references/repo-search-playbook.md).
  - Boundary markers: No explicit delimiters are used to wrap external content in prompts.
  - Capability inventory: Local script execution and network access.
  - Sanitization: File content is processed by the agent without explicit pre-sanitization.