readme-craft
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary behavior is reading project metadata (e.g., package.json, LICENSE, CI/CD configs) to generate a README file. This is a legitimate documentation task and uses standard file access tools.
- [PROMPT_INJECTION]: The instructions include a behavioral constraint ('CRITICAL: Execute ALL steps yourself... Do NOT spawn agents or delegate to subagents'). While this attempts to control platform-level agent delegation, it is directed at maintaining session consistency and is not aimed at bypassing safety filters or enabling malicious behavior.
- [DATA_EXFILTRATION]: No network exfiltration patterns or unauthorized network calls were found. The skill constructs standard shields.io badges and contributor links, which are typical for open-source documentation.
- [COMMAND_EXECUTION]: The skill uses read-only operations (Read, Glob, Grep) to analyze the project context. It does not perform write operations to sensitive system files or execute arbitrary shell commands.
Audit Metadata