Skills
skills/tktrev/coding-agents-skills/readme-generator/Gen Agent Trust Hub

readme-generator

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from external codebase files which could contain hidden malicious instructions.
  • Ingestion points: Reads local project configuration files (e.g., package.json, Cargo.toml, requirements.txt), existing README.md files, and source code files.
  • Boundary markers: None identified; the skill does not explicitly use delimiters or instructions to ignore embedded commands within the files it analyzes.
  • Capability inventory: Includes file system access (listing and reading files), execution of git commands, and the ability to write/modify the README.md file.
  • Sanitization: No evidence of sanitization or validation of the content extracted from the codebase before it is used in the generation prompt.
  • [COMMAND_EXECUTION]: The skill utilizes system-level commands to perform its analysis.
  • Evidence: Specifically references running git diff and git log to detect codebase changes and understand project history.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 06:26 AM