agents-md-crafter

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions specify using the tree command or equivalent scripts to map the repository structure. This is a legitimate operation for gathering context to generate accurate documentation and does not represent an attempt to gain unauthorized access.
  • [PROMPT_INJECTION]: The skill analyzes existing instruction files (e.g., AGENTS.md, .cursorrules) to identify 'instruction drift' and perform refactoring. This ingestion of potentially attacker-controlled content from the repository context constitutes a surface for indirect prompt injection.
      • Ingestion points: Workflow steps in SKILL.md involve listing the root directory and reading existing instruction files to scan for conflicts.
      • Boundary markers: The skill lacks explicit instructions to treat existing file content as untrusted or to wrap it in safety delimiters during the refactoring process.
      • Capability inventory: The skill has the ability to read the file system and write/modify markdown files across the repository.
      • Sanitization: There is no evidence of sanitization or filtering of the content being read from the existing repository files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:27 AM