readme-updater
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits a vulnerability surface for indirect prompt injection because it reads and processes untrusted data from local files.
- Ingestion points: Reads project content via
read_file("README.md")andget_changed_files(). - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the files it analyzes.
- Capability inventory: Uses
replace_string_in_fileto modify the filesystem. - Sanitization: Absent; the skill does not appear to escape or validate the content retrieved from external files before performing updates.
- [Data Exposure] (SAFE): The tool reads standard project documentation and directory structures. It does not target sensitive paths like SSH keys or environment secrets.
- [Remote Code Execution] (SAFE): No remote scripts, package installations, or dynamic execution patterns were detected.
Audit Metadata