configure-readme
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local project environment.
- Ingestion points: Reads metadata and content from 'package.json', 'pyproject.toml', 'Cargo.toml', 'go.mod', and 'README.md'.
- Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the analyzed project files.
- Capability inventory: The skill utilizes 'Bash', 'Write', and 'Edit' tools to modify the file system based on analyzed data.
- Sanitization: Absent; the skill does not explicitly validate or escape data ingested from project files before using it in the workflow.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute several local discovery commands.
- Evidence: Uses 'find', 'tree', 'basename', and 'git remote -v' to gather project metadata. These commands are restricted to local discovery and do not involve remote execution or high-privilege operations.
Audit Metadata