agents-md-lint
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates instructional scaffolding for its sub-agent workflow, using specific templates to define evaluation boundaries and task parameters. This is a functional design element for multi-agent coordination rather than an attempt to bypass safety guidelines.
- [COMMAND_EXECUTION]: The skill performs standard file system maintenance as part of its normalization workflow, such as renaming documentation files and creating symlinks (e.g., CLAUDE.md to AGENTS.md). It also overwrites documentation files with pruned content when the rewrite mode is enabled.
- [DATA_EXFILTRATION]: The skill reads repository documentation and configuration metadata for auditing purposes. These operations are performed locally, and no patterns indicating unauthorized data transmission to external servers were identified.
- [PROMPT_INJECTION]: The skill processes content from repository instruction files which are then incorporated into sub-agent prompts, presenting an indirect injection surface.
- Ingestion points: Instruction files such as AGENTS.md, CLAUDE.md, and .cursorrules are read in Workflow Step 2.
- Boundary markers: The sub-agent prompt explicitly defines exclusion zones to prevent the agent from reading the documentation it is auditing.
- Capability inventory: The skill possesses the capability to rename, symlink, and rewrite files on the local filesystem.
- Sanitization: Findings are validated through a confidence-based scoring system and compared against the original facts before any modifications are proposed or applied.
Audit Metadata