update-readme
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (
update-readme/update-readme.sh) to automate the regeneration of the 'Available Skills' table inREADME.md. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by aggregating data from external skill files into the primary documentation.
- Ingestion points: The script parses the
nameanddescriptionfields from the YAML frontmatter of allSKILL.mdfiles within the repository subdirectories. - Boundary markers: There are no markers or instructions to isolate the parsed content or prevent the agent from obeying instructions embedded in those fields.
- Capability inventory: The script performs file-system reads across the repository and writes the compiled table to the root
README.md(update-readme.sh, line 102). - Sanitization: The script performs minimal cleaning (stripping quotes and spaces) but does not escape Markdown syntax (like
|or backticks), allowing potentially malicious metadata to corrupt the table structure or inject content into the main repository README.
Audit Metadata