agents-md-generator

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes and executes several helper scripts (detect-agent-context, scan-skill-duplicates, archive-roadmap-progress) in Bash, CMD, and PowerShell formats to automate project discovery and maintenance tasks.
  • [DATA_EXFILTRATION]: The detect-agent-context script is designed to check for the existence of AI instruction files in the user's home directory (e.g., ~/.claude/CLAUDE.md, ~/.codex/config.toml, ~/.roo/rules/). While this is intended to warn users about prompt overrides, it constitutes access to potentially sensitive files outside the immediate project scope.
  • [PROMPT_INJECTION]: The skill performs automated scans of project-level configuration files (such as package.json, composer.json, and pyproject.toml) to detect the tech stack. These files represent an untrusted ingestion surface where malicious content could influence the agent's behavior during the generation process.
      • Ingestion points: Project configuration files and directory structures scanned during Phase 2 and Phase 4.
      • Boundary markers: The scanning logic does not explicitly define the use of strict delimiters or instructions to ignore embedded natural language prompts within the scanned data.
      • Capability inventory: The skill can create and modify files (CLAUDE.md, AGENTS.md) and execute scripts for file hashing and context reporting.
      • Sanitization: There is no explicit evidence of sanitization or content validation for data extracted from scanned files before it is processed by the LLM.
  • [METADATA_POISONING]: The skill's YAML frontmatter identifies the author as 'Official', which contrasts with the provided author context 'thienanblog'. This metadata discrepancy may be misleading regarding the skill's origin.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 04:31 PM