project-readme

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes untrusted local project files (e.g., C source code, CLAUDE.md, WIRING.md) to generate a README.md. This ingestion of external data constitutes an indirect prompt injection surface where malicious content within those files could influence the agent's behavior.
  • Ingestion points: main/.c, main/.h, main/CMakeLists.txt, sdkconfig.defaults, justfile, CLAUDE.md, WIRING.md, Kconfig.projbuild.
  • Boundary markers: No explicit delimiters or instructions are used to separate the untrusted data from the task instructions.
  • Capability inventory: Read, Write, Edit, Grep, Glob, Agent.
  • Sanitization: No content validation or sanitization is performed on the ingested file data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 11:52 PM
Security Audit — agent-trust-hub — project-readme