readme
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Command Execution (SAFE): The skill utilizes `find` and `cat` to identify project structure and read configuration files. These are standard inspection commands necessary for documentation generation and pose no direct security threat to the system.
- Indirect Prompt Injection (LOW): The skill ingests data from local project files (source code and manifests) to generate the README. This creates a surface for indirect prompt injection where malicious instructions hidden in code comments could influence the agent's output.
  - Ingestion points: Local source files (`.py`, `.js`, etc.) and configuration files (`package.json`, `pyproject.toml`).
  - Boundary markers: Absent; the content is ingested without explicit delimiters or safety instructions regarding embedded content.
  - Capability inventory: File reading (`cat`) and directory searching (`find`).
  - Sanitization: Absent; the skill relies on the LLM's internal safety filters to ignore instructions found within the code.