ask-readme-gardener
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted external content (source code and change descriptions) and possesses the capability to modify local files, meeting the criteria for a high-risk indirect injection surface. \n
- Ingestion points: The skill reads project source code to 'Understand new feature, API, or change' as defined in the workflow (SKILL.md). \n
- Boundary markers: There are no boundary markers or instructions to treat analyzed code as untrusted data or to ignore embedded natural language instructions. \n
- Capability inventory: The skill is explicitly permitted to 'Edit the README.md file directly' (SKILL.md, workflow step 4). \n
- Sanitization: No sanitization, escaping, or validation logic is present to filter malicious content from being drafted and written to the documentation.
Recommendations
- AI detected serious security threats
Audit Metadata