crafting-effective-readmes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The skill consists entirely of markdown templates and reference materials designed to help the agent structure project documentation.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest existing project data (such as package.json and existing documentation) to provide context for updates. This constitutes an indirect prompt injection surface. However, the risk is minimal as the skill's output is limited to text generation and does not involve executing commands or performing sensitive operations based on that data.
  - Ingestion points: Reads package.json and local README.md files (as specified in SKILL.md under the Reviewing/refreshing task).
  - Boundary markers: No specific boundary markers or 'ignore' instructions are used when interpolating file content into the prompt.
  - Capability inventory: No executable capabilities (subprocess calls, file-write, or network operations) are present in the skill.
  - Sanitization: No sanitization is performed on ingested file content before it is processed for documentation drafting.
Audit Metadata