readme-generate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from source code and existing README files and has the capability to write files back to the repository. This creates a vulnerability where malicious instructions embedded in code comments or documentation could influence the agent's behavior.
  1. Ingestion points: Source code (controllers), pom.xml, application.yml, and existing README.md files.
  2. Boundary markers: None specified.
  3. Capability inventory: Script execution via python, file reading, and file writing (README.md).
  4. Sanitization: None identified.
- [Data Exfiltration] (HIGH): The skill explicitly targets sensitive configuration files such as application.yml and pom.xml. There is a high risk that hardcoded secrets, API keys, or internal service credentials could be extracted and included in the generated README.md, leading to data exposure.
- [Command Execution] (MEDIUM): The skill executes a local Python script (readme_generator.py) based on user-supplied module paths. While this is standard functionality, it requires the agent to run code that processes potentially malicious local file structures.
Recommendations
- AI detected serious security threats
Audit Metadata