readme-maintainer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes local shell scripts (scripts/collect_repo_facts.sh and scripts/check_bilingual_readme.sh) to inspect the project structure. These scripts use standard tools such as find, rg, tree, and git, and follow best practices like variable quoting and pipefail settings.
- [PROMPT_INJECTION] (LOW): The skill possesses an Indirect Prompt Injection surface (Category 8) because it reads and processes untrusted repository files to generate documentation.
  1. Ingestion points: collect_repo_facts.sh output and direct reading of source/config files as per the workflow.
  2. Boundary markers: No explicit delimiters or instructions are provided to the model to ignore embedded instructions in the source data.
  3. Capability inventory: Ability to write to the local filesystem (README.md) and execute skill-provided scripts.
  4. Sanitization: No sanitization of ingested content is performed before processing.
- [DATA_EXPOSURE] (SAFE): While the skill reads project source code, it explicitly instructs the model not to call external APIs or README generation providers, ensuring data remains within the local session context.
Audit Metadata