readme-wizard

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a local shell script, scripts/scan_project.sh, which utilizes common utilities like git, find, grep, and sed to extract project details such as name, license, and directory structure.
  • [EXTERNAL_DOWNLOADS]: The data collection script makes network requests to the GitHub API to fetch repository metadata and crawls the project's homepage URL to extract social media links for inclusion in the README.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads and processes project-controlled files (e.g., package.json, pyproject.toml) and interpolates their contents into the README template. Evidence Chain:
      1. Ingestion points: Project metadata files read by scripts/scan_project.sh.
      2. Boundary markers: Absent; the skill relies on simple template interpolation without specific instructions to ignore embedded commands.
      3. Capability inventory: File system reads, network requests to GitHub and arbitrary homepage URLs, and file system writes (README.md).
      4. Sanitization: None; external content is escaped for JSON but not validated for instructional content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 09:31 PM