good-readme

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection exists as the skill ingests untrusted project data to perform its analysis.\n
  • Ingestion points: Local project source code, manifest files (package.json, Cargo.toml, pyproject.toml, go.mod), and existing documentation files as described in SKILL.md.\n
  • Boundary markers: Absent; the skill instructions do not specify the use of delimiters or instructions to ignore embedded directives in the ingested source material.\n
  • Capability inventory: The skill uses file system read access and text generation to analyze projects and produce documentation.\n
  • Sanitization: No explicit sanitization, validation, or escaping of the content read from the project files is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 03:50 AM
Security Audit — agent-trust-hub — good-readme