Skills
skills/wottpal/skills/readme-agents-writer/Gen Agent Trust Hub

readme-agents-writer

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts provided within the skill package (scripts/set-doc-triplet.sh and scripts/check-doc-triplets.py) to manage file symlinks and audit documentation triplets.
  • [DATA_EXPOSURE]: The fact-verification guide instructions lead the agent to search the codebase for sensitive identifiers such as constants and environment variables (ENV_VAR) using ripgrep. While this is intended for documentation accuracy, it involves accessing potentially sensitive configuration names.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it instructs the agent to read and process untrusted repository data (code, configuration, and existing documentation) to build its 'fact inventory' without explicit sanitization or boundary markers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 01:02 PM