agents-md-creator

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from project files such as package.json (specifically the name and description fields) and README.md during its discovery and documentation generation phases. This metadata is processed without explicit sanitization or boundary markers to prevent embedded instructions from influencing the agent's behavior. The skill possesses the capability to execute shell commands and write to the local filesystem.
  • [COMMAND_EXECUTION]: The skill executes local shell utilities including find, grep, jq, and wc to detect monorepo structures and list packages. Additionally, it provides templates and instructions that utilize well-known build tools and package managers such as Turborepo, Nx, npm, and pnpm for task orchestration and project management.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 08:31 PM