NYC

agents-md-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to its core function of processing untrusted external data.
      • Ingestion points: The skill ingests the entire directory structure, file contents, and tech stack of a repository during 'Phase 1: Repository Analysis'.
      • Boundary markers: There are no instructions or delimiters provided to the agent to help it distinguish between the skill's instructions and potentially malicious instructions hidden within the codebase files.
      • Capability inventory: While the skill itself only generates markdown files, those files are designed to contain executable 'Setup & Run' commands. A malicious actor could plant instructions in the codebase that trick the generator into including a backdoor (e.g., a malicious curl command) in the 'Quick Find' or 'Setup' sections of the output.
      • Sanitization: There is no logic or instruction for the agent to sanitize, escape, or validate content harvested from the repository before interpolating it into the final documentation templates.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:25 AM