Skills
skills/mguinada/agent-skills/agents-md-creator/Gen Agent Trust Hub

agents-md-creator

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use local shell commands such as find, grep, jq, and ls to analyze the repository structure and extract metadata from configuration files. These commands are necessary for the skill's purpose of project discovery and documentation generation.
  • [PROMPT_INJECTION]: The skill reads project-level metadata from files like package.json and README.md to generate documentation. While this creates a surface for indirect prompt injection from malicious project files, it is handled as a low-risk finding inherent to the skill's documentation tasks. 1. Ingestion points: package.json, README.md, turbo.json, nx.json, pnpm-workspace.yaml. 2. Boundary markers: Absent. 3. Capability inventory: Shell command execution (find, grep, jq) and file system read/write. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 07:55 AM
Security Audit — agent-trust-hub — agents-md-creator