readme-expert

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill extracts code blocks from README files and saves them to temporary files (e.g., /tmp/test_example.js) for local execution via Node.js, Python, or Bash runtimes. This poses a significant risk if the content being processed is untrusted.
  • [COMMAND_EXECUTION]: Extensive use of shell commands to perform codebase scanning, dependency installation, and CLI tool testing. While the instructions include safety checks and permission prompts, the underlying capability allows for the execution of arbitrary commands derived from the processed codebase.
  • [DATA_EXFILTRATION]: The skill is configured to scan for and read sensitive configuration files such as .env and package.json. When combined with its WebFetch capability for link validation and network operations via curl or wget in scripts, this creates a potential vector for data exfiltration.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. Malicious instructions embedded in the project files, code comments, or existing documentation being scanned could influence the agent's behavior during the README generation or validation process.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 20, 2026, 11:25 AM
Security Audit — agent-trust-hub — readme-expert