github-readme-generator
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates locally using predefined Markdown templates and project file analysis to generate documentation. No indicators of malicious intent, data exfiltration, or unauthorized command execution were found.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes project files which could contain malicious instructions. This is a low-risk inherent characteristic of tools that analyze external content.
- Ingestion points: Project configuration files (e.g., package.json, go.mod, pom.xml) and directory structure analysis mentioned in SKILL.md.
- Boundary markers: Absent; the skill relies on the agent's contextual understanding to parse file data rather than explicit delimiters.
- Capability inventory: File reading for metadata extraction and generating text output based on findings.
- Sanitization: No explicit sanitization or instruction to ignore embedded commands in the source files is provided.
- [SAFE]: Templates and examples include the author's (wwwzhouhui) WeChat ID, email, and donation QR codes hosted on a Tencent Cloud COS bucket. As these resources belong to the vendor's infrastructure and identity, they are documented as neutral vendor resources.
Audit Metadata