llms-txt-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create and suggest the execution of Node.js scripts (e.g.,
node build-scripts/create-llms-docs.js) to automate the extraction of data and generation of documentation. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted content from project files into documentation meant for AI consumption.
- Ingestion points: The skill reads
package.json,src/directories, JSDoc/GoDoc comments, and TypeScript definitions (SKILL.md, Phase 2). - Boundary markers: No explicit delimiters or instructions are provided to the agent to sanitize project content or ignore embedded instructions within the ingested data.
- Capability inventory: The skill generates file-writing logic and suggests running shell commands to execute generator scripts.
- Sanitization: There is no evidence of content filtering or escaping for the data extracted from the project files before it is included in the output files.
Audit Metadata