skills-readme-updater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The script processes metadata from subdirectories and writes it into a markdown file without sanitization, creating a surface for indirect prompt injection if a malicious skill is present.
- Ingestion points:
scripts/update_readme.pyreads data fromSKILL.mdfiles located in subdirectories of~/.claude/skills/. - Boundary markers: Absent. The script extracts strings directly from YAML frontmatter and interpolates them into markdown table rows.
- Capability inventory: The script is limited to local file system reads within a specific directory and a single file-write operation to
README.md. It lacks network, execution, or privilege escalation capabilities. - Sanitization: Absent. The script does not escape markdown control characters (like pipes or backticks), which could allow a malicious skill name to break table formatting or inject misleading instructions into the documentation.
Audit Metadata