readme-standards
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation reference and does not perform any automated sensitive operations.
- [EXTERNAL_DOWNLOADS]: Provides instructions for installing and using the well-known cookiecutter tool (pip install cookiecutter). These are standard developer recommendations and target well-known technology tools.
- [SAFE]: The skill includes documentation templates that mention environment variables and API keys (e.g., API_KEY=your-api-key). These are used as placeholders for the user's project documentation and do not represent hardcoded secrets or exposure of the agent's environment.
- [PROMPT_INJECTION]: The skill identifies an indirect injection surface as it analyzes user-provided README files. (1) Ingestion points: Project files via Read, Grep, and Glob tools. (2) Boundary markers: Not explicitly defined in the instructions. (3) Capability inventory: Bash, Write, Edit tools are permitted. (4) Sanitization: No specific sanitization logic is described. The risk is assessed as low due to the formatting-focused nature of the skill.
Audit Metadata