readme-to-landing-page
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to maintain repository state and data integrity, including git fetch and git pull --rebase for synchronization, and cp for creating backups of documentation files before modification.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch project metadata such as GitHub stars and download statistics from trusted platforms to provide social proof in the generated output.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests untrusted data from local project files. Ingestion points: Reads README.md and manifest files (package.json, etc.) to gather context. Boundary markers: Absent; the skill does not use specific delimiters to separate source content from agent instructions. Capability inventory: File system writes and standard shell operations. Sanitization: None; original content is preserved in collapsed markdown blocks. Assessment: The risk is minimal as the skill directs the agent to follow a strict structural template focusing on summary and visualization.
Audit Metadata