readme
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to perform a 'Deep Codebase Exploration' which includes reading highly sensitive files such as 'config/master.key', 'config/credentials.yml.enc', and various '.env' files. Accessing the application's master encryption key is particularly dangerous as it could lead to the accidental inclusion of plaintext production secrets in the generated README.md file or exposure of secrets within the model's context.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it is designed to ingest and process data from the entire project directory without boundary markers or sanitization.
  - Ingestion points: Project root directory structure, configuration files ('.env', 'database.yml'), dependency manifests ('Gemfile', 'package.json'), and database schemas ('db/schema.rb').
  - Boundary markers: Absent. The prompt does not include instructions to ignore or delimit embedded instructions within the explored files.
  - Capability inventory: The agent is authorized to read arbitrary local files and write content to 'README.md'.
  - Sanitization: Absent. There are no mechanisms to filter or escape malicious content found during exploration before it is written to the output.
- [COMMAND_EXECUTION]: The skill generates documentation containing powerful administrative and deployment commands (e.g., 'bin/rails db:setup', 'kamal setup', 'docker run'). While these are intended for user documentation, an agent with tool-use capabilities might interpret these as instructions to execute, leading to unintended system changes or side effects during the exploration phase.