skills/adobe/skills/ensure-agents-md/Gen Agent Trust Hub

ensure-agents-md

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs automated project bootstrapping by creating AGENTS.md and CLAUDE.md files. This behavior is transparent, documented, and restricted to the workspace root.
  • [SAFE]: The skill uses official Adobe documentation and repository links (e.g., experienceleague.adobe.com, github.com/adobe/*), which are trusted vendor resources.
  • [SAFE]: File operations are restricted to reading project configuration (pom.xml, package.json) and writing new documentation files. It explicitly refuses to overwrite existing files, preventing accidental data loss.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a minor surface for indirect prompt injection as it ingests untrusted metadata (project names and module lists) from files like pom.xml and interpolates them into agent-facing instructions (AGENTS.md).
  • Ingestion points: pom.xml (<name>, <artifactId>, <modules>) and ui.frontend/package.json.
  • Boundary markers: Absent; the content is placed directly into the generated markdown.
  • Capability inventory: Uses fs.write to create permanent project documentation that influences future agent behavior.
  • Sanitization: Includes basic string manipulation (title-casing, prefix stripping) which provides minimal protection against malicious payloads in project metadata.
  • [COMMAND_EXECUTION]: While the generated AGENTS.md file contains examples of Maven and npm build commands, the skill itself does not execute these commands; it only documents them for the developer.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 01:28 PM
Security Audit — agent-trust-hub — ensure-agents-md