agentmd
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Use of fictional authoritative claims. The skill cites a non-existent research paper from 'Feb 2026' and references future model versions (e.g., 'Sonnet-4.5', 'GPT-5.2') to ground its instructions in a simulated 'future best practice' framework. While the resulting advice encourages safety through minimalism, the metadata used to enforce it is fabricated.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface via repository analysis. The skill's core workflow involves the agent reading and interpreting untrusted files from a repository (e.g., README.md, package.json, CI configs).
- Ingestion points: Repository files including
package.json,pyproject.toml,README.md, and CI configuration directories. - Boundary markers: The 'Security: Data Boundaries' section provides explicit negative constraints, telling the agent to treat all repo content as untrusted and to never interpret free-text as instructions.
- Capability inventory: The skill is restricted to file reading and markdown generation; no network access, subprocess execution, or code evaluation tools are utilized.
- Sanitization: The instructions specifically direct the agent to extract only structured metadata and confirmed tooling commands, avoiding the verbatim echoing of arbitrary documentation text.
- [NO_CODE]: The skill consists entirely of Markdown instructions and reference documentation. No executable scripts (Python, JavaScript, or Shell) are included in the distribution.
Audit Metadata