crafting-effective-readmes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [No Code] (SAFE): The skill is composed entirely of static Markdown files, including templates and reference documentation. No Python, JavaScript, or shell scripts are present or executed.
- [Indirect Prompt Injection] (SAFE): The skill's workflow involves reading existing project files such as READMEs and package.json to identify tasks. While this ingests untrusted data, the skill lacks any tools or capabilities (like shell access or network requests) to act on malicious instructions within those files.
- [Credentials Unsafe] (SAFE): Templates for internal projects include placeholders for environment variables like API_KEY. These are for documentation purposes and explicitly direct users to use secure secrets management (e.g., 1Password, Vault) rather than hardcoding credentials.