write-clear-readme

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from README.md and other repository files. Malicious instructions embedded in a target README could influence the agent's behavior during the 'author' or 'polish' phases.
      • Ingestion points: The agent reads project files using the Read tool and the audit_readme.py script.
      • Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the content being processed.
      • Capability inventory: The skill possesses Write, Edit, and limited Bash capabilities (git/jq), allowing it to modify the local filesystem.
      • Sanitization: No sanitization or safety-specific filtering of the ingested markdown content is performed.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the ! syntax) to execute shell commands at load time for repository discovery.
      • Nature of commands: The shell commands used (git, wc, jq, ls) are benign and intended for metadata collection.
      • Command Injection Analysis: While static analysis flagged the potential for argument injection, manual review confirms that the $ARGUMENTS variable is not passed into any shell commands within the dynamic context placeholders. The commands are statically defined in SKILL.md.
  • [SAFE]: The provided script scripts/audit_readme.py is a deterministic audit tool using Python's standard library. It does not perform network operations, access sensitive system files (beyond the targeted README), or execute external code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:24 AM