writing-agents-md
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions proactively address security concerns by forbidding the inclusion of secrets, credentials, or security-bypass instructions in the generated documentation.
- [SAFE]: The skill defines a clear process for grounding instructions in existing repository evidence (config files, READMEs) to ensure accuracy and prevent the generation of hallucinated or incorrect commands.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by ingesting untrusted repository data (README.md, CONTRIBUTING.md, config files) to generate documentation.
  - Ingestion points: repository metadata and documentation files such as README.md, CONTRIBUTING.md, package.json, and other build manifests.
  - Boundary markers: No explicit delimiters are used for source data, though instructions specify that user prompts take precedence over repository instructions.
  - Capability inventory: The skill is designed to write or update repository documentation files (AGENTS.md).
  - Sanitization: The skill provides explicit instructions to exclude secrets, credentials, and instructions that encourage bypassing security checks from the generated output.
Audit Metadata