agents-md-generator
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell and PowerShell scripts provided within its directory to automate project analysis. Specifically:
scripts/detect-agent-context: Scans the project root and the user's home directory (e.g.,~/.claude,~/.roo) to identify existing AI tool configurations and MCP settings.scripts/scan-skill-duplicates: Traverses theskills/directory and computes SHA-256 hashes of files to identify and consolidate duplicate skill implementations.scripts/archive-roadmap-progress: Performs file manipulation (reading, writing, and archiving) onROADMAP.mdandPROGRESS.mdfiles using standard utilities likeawkandmktemp.- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection because it reads untrusted data from project configuration files and interpolates it into the generated
CLAUDE.mdfile. - Ingestion points: The skill reads metadata from
package.json,composer.json,pyproject.toml, and other root configuration files. - Boundary markers: The generated instructions in
assets/templates/do not use boundary markers or explicit 'ignore instructions' warnings when including detected project values. - Capability inventory: The skill possesses the capability to write files to the project root and execute local scripts.
- Sanitization: No sanitization or validation is performed on the detected strings (e.g., framework versions or package descriptions) before they are placed into the final instruction file.
Audit Metadata