Skills
skills/mblode/agent-skills/readme-creator/Gen Agent Trust Hub

readme-creator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from local project files without sanitization.
  • Ingestion points: SKILL.md (Phase 1) instructs the agent to read content from package.json, Cargo.toml, pyproject.toml, go.mod, and existing README.md files.
  • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the ingested project data from the agent's instructions.
  • Capability inventory: The skill enables the agent to write files (README.md) and execute handoffs to other documentation skills (docs-writing, agents-md).
  • Sanitization: No sanitization or validation logic is defined to prevent the execution of instructions that might be contained within project metadata fields like descriptions or scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 02:00 PM