agents-md-gen
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions reference a repository (yarlson/skills) not included in the trusted source list. Fetching and adding skills from unverified third-party repositories poses a risk of executing unvetted code or prompts.
- Indirect Prompt Injection (LOW): The skill explicitly 'explores your codebase' to generate context files. This behavior introduces a data ingestion surface where malicious instructions embedded in project files (e.g., hidden in comments or documentation) could influence the agent's output.
  - Ingestion points: Local project files and codebase structure.
  - Boundary markers: None specified in the provided documentation.
  - Capability inventory: File system read (exploring codebase) and file system write (generating AGENTS.md/CLAUDE.md).
  - Sanitization: No evidence of sanitization or filtering of codebase content before processing.
Audit Metadata