readme

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions direct the agent to perform an exhaustive search for sensitive project data, specifically commanding it to read '.env.example', '.env.sample', 'config/database.yml', 'config/credentials.yml.enc', and 'config/master.key'. Accessing encryption keys and environment secrets is a high-risk data exposure pattern.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during its 'Deep Codebase Exploration' phase, where it is instructed to map the directory organization and read various project files. An attacker could place malicious instructions inside code comments or configuration files that the agent would then ingest and potentially obey while generating the README.
  • Ingestion points: Reads the root directory and all project configuration and source files (e.g., package.json, config/routes.rb, app/models/).
  • Boundary markers: No delimiters or specific 'ignore instructions in data' warnings are provided to separate the project content from the agent's task instructions.
  • Capability inventory: The agent is granted permission to read any file within the project directory structure to extract details for the documentation.
  • Sanitization: No sanitization or validation of the codebase content is performed before it is processed into the final README output.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 28, 2026, 11:52 AM