readme-maker
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process content from a project's codebase, including instruction files such as
AGENTS.md,CLAUDE.md, andGEMINI.md, to generate documentation. This creates a surface where malicious instructions embedded in the project files could influence the agent's behavior during the README generation process. - Ingestion points: The skill reads various files within the repository during the project discovery phase, as specified in
rules/project-discovery.mdandrules/project-discovery.ko.md. - Boundary markers: The instructions do not define explicit boundary markers or directives to ignore instructions contained within the ingested project files, although they emphasize grounding output in repository evidence.
- Capability inventory: The skill utilizes
read,edit,write,find,grep, andlstools to interact with the file system. - Sanitization: No specific sanitization or filtering of the ingested file content is mentioned before it is processed by the model.
Audit Metadata