create-readme
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it reads project workspace content to generate a README.
  - Ingestion points: Reads all files within the project workspace to gather context.
  - Boundary markers: The instructions do not define specific delimiters or provide guidance to ignore embedded commands.
  - Capability inventory: The agent possesses file-read and file-write capabilities necessary for README generation.
  - Sanitization: No explicit sanitization or validation of the workspace content is defined.
- [EXTERNAL_DOWNLOADS]: Fetches markdown templates from external GitHub repositories for style and structure.
  - Evidence: References raw content from Azure-Samples (Microsoft) and sinedied repositories.
  - Context: These sources are used neutrally for inspiration and do not involve executable code or package installations.
Audit Metadata