readme-doctor
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): High surface area for Indirect Prompt Injection (Category 8). The skill ingests and analyzes README content from untrusted sources (GitHub URLs, local files) without sanitization or boundary markers.\n
- Ingestion points:
README.md,package.json,pyproject.toml, and external repositories viagh api.\n - Boundary markers: Absent. The skill lacks explicit delimiters or instructions to ignore embedded commands in the analyzed text.\n
- Capability inventory: Reading local files, accessing project metadata, and making network requests via
gh.\n - Sanitization: None detected.\n- [COMMAND_EXECUTION] (LOW): Executes shell commands to read files and process metadata.\n
- Evidence: Uses
cat,jq,grep,gh, andbase64to inspect the project environment. These are necessary for the skill's purpose but represent a functional risk if hijacked.\n- [EXTERNAL_DOWNLOADS] (LOW): Accesses external content from the GitHub API.\n - Evidence: Downloads README content via the
ghCLI.\n - Trust Scope: GitHub is a trusted source; the finding is downgraded per [TRUST-SCOPE-RULE].
Audit Metadata