agents-md
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the AGENTS.md file from the author's official GitHub repository (robinebers/agents.md). This is a trusted vendor source for this skill.
- [COMMAND_EXECUTION]: Uses curl to download configuration files and mktemp to manage temporary files during the update and merge workflow. These operations are limited to workspace file management.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by downloading an external protocol file (AGENTS.md) meant to guide agent behavior.
- Ingestion points: AGENTS.md (downloaded via curl to the workspace root)
- Boundary markers: Absent
- Capability inventory: curl (file write), mktemp (file creation), local file read/merge
- Sanitization: Absent
Audit Metadata