skills/mblode/agent-skills/agents-md/Gen Agent Trust Hub

agents-md

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform file management tasks using shell commands such as find, mv, and ln -s. It also recommends a validation loop in which the agent executes core project commands like dev, test, and build, discovered in the audited files, to verify that they work.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process instructions from project-level files (e.g., AGENTS.md, CLAUDE.md), which are user-controlled and potentially malicious. This creates a surface for indirect prompt injection.
    • Ingestion points: Project instruction files identified in the repository root and subdirectories.
    • Boundary markers: No specific delimiters or boundary markers are used to isolate the ingested data from the agent's core instructions.
    • Capability inventory: The agent can find, move, and link files, and is explicitly instructed to execute shell commands specified within the user's project configuration.
    • Sanitization: There is no evidence of sanitization or filtering of the instructions or commands retrieved from the files being audited.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 10, 2026, 08:12 AM