agents-md-improver

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and analyzes untrusted content from repository files (such as AGENTS.md and code_map.md) to generate quality reports and proposed modifications.
  • Ingestion points: External data enters the agent context during 'Phase 1: Discovery' and 'Phase 2: Evidence Collection' in SKILL.md, where the agent reads repository guidance files and manifests (e.g., package.json, Makefile).
  • Boundary markers: Absent. The instructions do not specify using delimiters or explicit 'ignore' instructions when interpolating the content of discovered files into the prompt.
  • Capability inventory: The skill is granted Edit, Write, and limited Bash capabilities (git, find) to modify repository files based on its analysis.
  • Sanitization: Absent. There are no instructions to sanitize or escape the content read from files before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:18 AM
Security Audit — agent-trust-hub — agents-md-improver