agents-md-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to analyze a codebase and write a high-trust instruction file (agents.md) at the repository root. Because content read from the repository flows into a file that other AI interactions treat as instructions, this creates a significant attack surface.
  - Ingestion points: Systematically reads metadata from package.json, framework configs (Next.js, Vite, etc.), and file structures.
  - Boundary markers: Absent. The instructions do not define delimiters or ignore-markers for content read from the repo.
  - Capability inventory: Has file-write capability to create the project's primary AI instruction file, which establishes conventions and constraints for other AI interactions.
  - Sanitization: Absent. There is no evidence of filtering or escaping logic for data extracted from project files before it is included in the agents.md output.
Recommendations
- AI detected serious security threats