llms-txt
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted data from project documentation and live website content.
- Ingestion points: SKILL.md (Phases 1, 2, and 4) specifies reading local files like README.md and fetching content from live URLs.
- Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are implemented when processing these data sources.
- Capability inventory: The skill uses file-read, file-write (Phase 5), and network-fetch (Phases 2 and 4) capabilities.
- Sanitization: No explicit sanitization or filtering of external content is mentioned before it is utilized by the agent.
- [DATA_EXFILTRATION]: The skill facilitates the movement of local project data to public directories (e.g., /public/llms.txt). This presents a risk of data exposure if sensitive information from internal documentation or configuration files is inadvertently identified as project context and published.
Audit Metadata