project-readme
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted local project files (e.g., C source code, CLAUDE.md, WIRING.md) to generate a README.md. This ingestion of external data constitutes an indirect prompt injection surface where malicious content within those files could influence the agent's behavior.
- Ingestion points: main/.c, main/.h, main/CMakeLists.txt, sdkconfig.defaults, justfile, CLAUDE.md, WIRING.md, Kconfig.projbuild.
- Boundary markers: No explicit delimiters or instructions are used to separate the untrusted data from the task instructions.
- Capability inventory: Read, Write, Edit, Grep, Glob, Agent.
- Sanitization: No content validation or sanitization is performed on the ingested file data.
Audit Metadata