read-docs
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it instructs the agent to process and summarize content from markdown files within a project, which could include untrusted or malicious instructions.
- Ingestion points: Content is ingested from
docs/**/*.md,README.md,CLAUDE.md, and other root-level.mdfiles as defined in the Search Strategy of SKILL.md. - Boundary markers: No explicit boundary markers or instructions are provided to the agent to treat documentation content as non-authoritative data or to ignore embedded instructions.
- Capability inventory: The skill uses the agent's ability to read and summarize files, incorporating external content into its reasoning process.
- Sanitization: No sanitization, escaping, or validation of file contents is specified.
- [NO_CODE]: This skill contains no executable code files, scripts, or binaries, and consists solely of markdown instructions, which minimizes the risk of direct malicious code execution.
Audit Metadata