llms-txt-generator
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill reads local project files, configuration files like package.json, and code comments to extract documentation metadata. This activity is restricted to the local environment and aligns with the skill's primary purpose.
- [COMMAND_EXECUTION]: The instructions involve generating a local JavaScript utility script to automate the documentation process. This dynamic code generation uses predefined templates provided within the skill's instructions.
- [PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection because it ingests untrusted data from the repository's source code and comments. Ingestion occurs during project analysis, while capabilities include local file writing and bash execution via the generated script. No explicit sanitization or boundary markers are defined in the documentation templates. However, the risk is considered low given the intended development workflow.