Skills
skills/bntvllnt/agent-skills/oss-readiness/Gen Agent Trust Hub

oss-readiness

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its documentation generation logic. \n
  • Ingestion points: Metadata and content are read from files like package.json, Cargo.toml, pyproject.toml, and README.md (specifically in references/llms-generation.md and references/version-sync.md). \n
  • Boundary markers: None are present in the generation templates to delimit untrusted project content from agent instructions. \n
  • Capability inventory: The skill uses file-write operations to create documentation and uses shell commands (node -e, grep) to process strings. \n
  • Sanitization: There is no evidence of sanitization or escaping of external project content before it is interpolated into output files. \n- [COMMAND_EXECUTION]: The skill utilizes local shell commands including git, gh, grep, find, and node -e to perform repository audits and metadata extraction. These commands are used as intended for project analysis and do not target sensitive system paths. Evidence found in SKILL.md and across files in the references/ directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 07:35 PM