harness-step1-create-agents-md
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard, read-only shell commands (`find`, `cat`, `ls`, `head`) to inspect the project structure and dependency files. These operations are restricted to the local project directory and are essential for the skill's functionality.
- [DATA_EXPOSURE]: The skill reads project metadata files such as `package.json`, `pyproject.toml`, and `README.md` to extract information about the tech stack and project purpose. It does not access sensitive system paths, credentials, or environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data from the project being scanned.
  - Ingestion points: Metadata files like `package.json` and `README.md` are read in `SKILL.md` to populate documentation templates.
  - Boundary markers: No explicit delimiters are used to wrap the content extracted from these files.
  - Capability inventory: Capabilities are limited to read-only filesystem scanning and writing generated documentation to the `docs/` directory and the `AGENTS.md` file.
  - Sanitization: No specific sanitization logic is implemented for the content read from files.
  - Context: The risk is minimal as the agent uses the data to generate documentation rather than executing it as code or instructions.
Audit Metadata