agents-md-generator

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (LOW): The skill instructs the agent to ingest untrusted data from repository manifests and documentation to summarize it into AGENTS.md files. If an attacker controls files like README.md or package.json, they could insert malicious instructions that the agent might propagate.
    • Ingestion points: The skill reads package.json, go.mod, pyproject.toml, README.md, Makefile, and CI configuration to discover the repository shape and commands.
    • Boundary markers: Absent. There are no specified delimiters to separate inferred external content from the agent's instructional context in the output files.
    • Capability inventory: The skill requires read and write access to the filesystem to generate documentation; it does not explicitly require network or arbitrary command execution.
    • Sanitization: The skill includes a "Safety / Correctness Gate" to prevent inventing commands, but lacks explicit sanitization or escaping rules for content extracted from untrusted repository files.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 02:46 AM