yatmn-readme
Warn
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to 'Run safe, cheap verification commands' and inspect the 'package-script listing' of the repository being analyzed (SKILL.md, Workflow step 6). This introduces a risk of executing malicious scripts if the repository contains scripts that run as a side effect of routine development or test commands.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it requires the agent to read and process various repository files, including source code and documentation (SKILL.md, Workflow step 1). Attacker-controlled instructions in these files could subvert the agent's logic.
  - Ingestion points: Repository root files, source code, and manifests (SKILL.md, Workflow step 1).
  - Boundary markers: No explicit markers are defined to distinguish between agent instructions and untrusted data from the repository.
  - Capability inventory: The agent can write files and execute local shell commands (SKILL.md, Workflow steps 1, 4, 5, 6).
  - Sanitization: No sanitization of the ingested content is specified.
- [CREDENTIALS_UNSAFE]: The workflow instructs the agent to 'Identify... environment variables, credentials' (SKILL.md, Workflow step 2). This creates a risk of sensitive information being exposed in the generated documentation or the interaction context.