agents-md-generator

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell and PowerShell scripts provided within its directory to automate project analysis. Specifically:
  • scripts/detect-agent-context: Scans the project root and the user's home directory (e.g., ~/.claude, ~/.roo) to identify existing AI tool configurations and MCP settings.
  • scripts/scan-skill-duplicates: Traverses the skills/ directory and computes SHA-256 hashes of files to identify and consolidate duplicate skill implementations.
  • scripts/archive-roadmap-progress: Performs file manipulation (reading, writing, and archiving) on ROADMAP.md and PROGRESS.md files using standard utilities like awk and mktemp.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection because it reads untrusted data from project configuration files and interpolates it into the generated CLAUDE.md file.
  • Ingestion points: The skill reads metadata from package.json, composer.json, pyproject.toml, and other root configuration files.
  • Boundary markers: The generated instructions in assets/templates/ do not use boundary markers or explicit 'ignore instructions' warnings when including detected project values.
  • Capability inventory: The skill possesses the capability to write files to the project root and execute local scripts.
  • Sanitization: No sanitization or validation is performed on the detected strings (e.g., framework versions or package descriptions) before they are placed into the final instruction file.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:48 AM
Security Audit — agent-trust-hub — agents-md-generator