crafting-effective-readmes

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The instructions in SKILL.md and README.md provide clear, benign process-oriented guidance for documentation tasks. No attempts to override agent safety filters or bypass system prompts were detected.
  • [Data Exposure & Exfiltration] (SAFE): The 'internal.md' template includes placeholders for documenting environment variables like API_KEY and DATABASE_URL. These are strictly for user documentation purposes and are not associated with any network commands or data collection logic.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): This skill contains no executable code (Python, JavaScript, or Shell scripts) and no package management files. It functions entirely through Markdown templates and instructions.
  • [Indirect Prompt Injection] (LOW): The skill involves reading project files (e.g., package.json) to verify documentation accuracy. This represents a standard documentation use case where the agent processes untrusted local data, but the skill lacks the capabilities (like network access or command execution) to be exploited via this vector.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM