sc-readme
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly includes `.env*` files in its 'Change Categories' for analysis. Accessing environment files is a high-risk activity as they frequently contain sensitive information such as API keys, database credentials, and private tokens.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to run `git diff` and `git log` commands. These commands are executed using branch names provided as input (e.g., `--base`), which can lead to command injection if the branch names are not properly sanitized before being passed to the shell.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes untrusted data from the repository's git history and source files.
  - Ingestion points: Data enters the agent's context through `git diff` outputs, `git log` commit messages, and the content of modified source files.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the files being analyzed.
  - Capability inventory: The agent possesses the capability to execute shell commands (`Bash`), read arbitrary files (`Read`), and modify repository files (`Write`).
  - Sanitization: The skill does not describe any methods for filtering or sanitizing the content of the files or diffs before they are used to generate the final README content.
Audit Metadata