README Craft

Name and description match the manifest and included files: the skill audits, creates, and rewrites README files and references repo metadata (package.json, pyproject.toml, etc.). It requests no environment variables, no installs, and no config paths, which is appropriate for a documentation-focused skill.

SKILL.md instructs the agent to read README and project metadata, run a 22-item audit, and generate or rewrite README.md—these actions are within scope. However the allowed-tools list (Bash, WebFetch, Agent, Read/Write/Edit, Grep, Glob) gives the agent broad capabilities (network fetches and shell execution). The skill text references optional actions like generating GIF demos (vhs/asciinema) and verifying artifacts, which could require network access or installing tools; these are plausible for the stated purpose but grant the agent additional discretion. The instructions do not explicitly tell the agent to execute project code or exfiltrate data.

There is no install spec and no code files to execute; this instruction-only skill does not download or install third-party packages by default, reducing risk.

The skill declares no required environment variables, no primary credential, and no config paths. Nothing requests unrelated credentials or elevated access beyond reading repository files.

always is false and the skill is user-invocable. It does not request permanent presence or attempt to modify other skills or system-wide settings. The skill will write README.md in create/rewrite modes but that behavior is consistent with its purpose.