yy-create-readme
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and associated templates are focused on documentation generation and exhibit no malicious intent.
- [DATA_EXPOSURE]: The skill reads project-specific configuration files (such as package.json, pom.xml, and LICENSE) to gather metadata for the README. This access is limited to the project root and is functional for the skill's purpose, rather than targeting sensitive user credentials or system files.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it processes untrusted local data.
- Ingestion points: Local project files, including existing README content and package manifests, are read into the agent's context.
- Boundary markers: The instructions do not specify the use of delimiters or specific warnings to ignore instructions found within analyzed files.
- Capability inventory: The skill utilizes file system read and write capabilities.
- Sanitization: No sanitization or validation of the input file content is mentioned.
Audit Metadata