cheez-read
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation references installation commands for the 'tilth' MCP server (`tilth install <host>`). These are presented as manual setup instructions for the user/environment and are not automated by the skill itself.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) because its primary function is to read and display external file content.
  - Ingestion points: `tilth_read` retrieves content from arbitrary files in the repository.
  - Boundary markers: The tool uses structured headers (e.g., `# path (lines, tokens) [mode]`) and line numbering to delimit file content from agent instructions.
  - Capability inventory: The skill allows reading files (`tilth_read`), listing files (`tilth_files`), and checking dependencies (`tilth_deps`).
  - Sanitization: No explicit sanitization of file content is described; however, the use of structural markers and AST-based outlining reduces the risk of the agent misinterpreting content as commands.
Audit Metadata