create-agents-file
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates data from external project files into the agent's context.\n
- Ingestion points: Reads from package.json, README.md, lock files, and other project configuration files in Step 1.\n
- Boundary markers: There are no explicit delimiters or system instructions used to encapsulate the ingested file content to prevent it from being interpreted as instructions.\n
- Capability inventory: The skill has the ability to write to the filesystem (AGENTS.md) and execute shell commands (ln -s).\n
- Sanitization: No content validation or sanitization is performed on the ingested data before processing.\n- [COMMAND_EXECUTION]: The skill executes a shell command to maintain documentation consistency.\n
- Command: The skill runs 'ln -s AGENTS.md CLAUDE.md' in Step 4 to create a symbolic link, which is a standard, low-risk local operation.
Audit Metadata