readme-grader

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it is designed to fetch and analyze the content of README files from arbitrary user-provided GitHub URLs. Malicious instructions embedded in a remote README could hijack the agent's behavior or influence subsequent tasks in the session.
  • Ingestion points: In SKILL.md, the instruction "If the user provides a GitHub repository URL, you should fetch the README.md content from the repository first before grading" establishes a direct path for untrusted data into the agent's context.
  • Boundary markers: Absent. The prompt does not define clear boundaries (such as XML tags or specific delimiters) for the fetched content, nor does it explicitly instruct the agent to disregard any directives found within the external text.
  • Capability inventory: The skill utilizes the agent's text analysis and summarization capabilities. If the agent has other active tools (e.g., shell execution or file management), an injection payload could attempt to invoke them.
  • Sanitization: Absent. There is no evidence of sanitization, filtering, or validation performed on the fetched README content before it is processed by the model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 08:36 AM