llms-txt-generator
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from external websites and local source files. Ingestion points include web content retrieved via Chrome DevTools or fetch (SKILL.md, Step 3B) and local framework source files (SKILL.md, Step 2A). The instructions lack explicit delimiters or warnings to isolate ingested data from the command context. The agent has capabilities for filesystem operations, network egress, and potential shell command execution for Git-related tasks. No technical data sanitization is implemented beyond instructions to remain factual.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to crawl user-specified URLs and verifies existing files at the web root of target domains. It also references the official specification at llmstxt.org.
- [COMMAND_EXECUTION]: The skill is configured to interact with the local filesystem and may use Git or GitHub CLI tools to create pull requests for the generated files as part of its deployment workflow.
Audit Metadata