readme-gen
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, NO_CODE)
Full Analysis
- [External Downloads] (MEDIUM): The installation instructions utilize `npx skills add` to fetch and install a skill from a GitHub repository (yarlson/skills) that is not on the list of trusted organizations. This constitutes an unverifiable dependency and remote code download.
- [Indirect Prompt Injection] (LOW): The skill documentation states it "explores your codebase" to generate documentation. This provides a large data ingestion surface for indirect prompt injection, where malicious instructions hidden in the analyzed codebase could influence the agent's behavior.
  - Ingestion points: All files within the local project codebase.
  - Boundary markers: No delimiters or "ignore instructions" warnings are mentioned for the analysis phase.
  - Capability inventory: File-read access to the codebase; likely file-write access for generating documentation.
  - Sanitization: No sanitization of ingested code content is specified.
- [No Code] (SAFE): The provided content consists solely of a documentation file (README.md). No executable scripts, YAML definitions, or skill logic were included in this analysis, limiting verification to the described behavior and installation methods.
Audit Metadata