readme
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to access highly sensitive files that protect project secrets. Accessing these files gives the agent the ability to decrypt all application secrets.
  - Evidence: SKILL.md (Step 1: Deep Codebase Exploration) explicitly requires the agent to read config/credentials.yml.enc, config/master.key, and .env.example.
  - Risk: Reading the Rails master key is unnecessary for generating documentation and poses a significant risk, as the key could be inadvertently leaked into the generated README or other contexts.
- [PROMPT_INJECTION]: The skill processes untrusted codebase data and includes deceptive metadata intended to override security verdicts.
  - Ingestion points: Project root directory and all discovered codebase files (SKILL.md).
  - Boundary markers: Absent. The instructions do not define delimiters for codebase content or warn the agent to ignore embedded instructions in the files it reads.
  - Capability inventory: File-read access to all project files and file-write access to the README.md file.
  - Sanitization: Absent. There is no evidence of validation or filtering for the data ingested from the project.
  - Evidence: The file skill-report.json contains a pre-authored 'security audit' claiming the skill is safe and that all potential findings are false positives (Category 8e: Self-referential injection).
- [COMMAND_EXECUTION]: The skill provides documentation templates containing commands that require root privileges.
  - Evidence: The deployment section in SKILL.md includes a template for sudo systemctl restart myapp.
Audit Metadata