nav-init
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate initialization tasks, such as creating the `.agent/` directory structure and populating it with documentation templates and Grafana configuration files.
- [COMMAND_EXECUTION]: The skill configures a `PostToolUse` hook in `.claude/settings.json` which executes a local Python script (`monitor-tokens.py`) to monitor context usage after tool calls. This is a persistent automation within the agent's environment used for its stated purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from project configuration files to populate documentation templates.
  - Ingestion points: Data is read from `package.json`, `pyproject.toml`, `go.mod`, `Cargo.toml`, `composer.json`, and `Gemfile` using the `project_detector.py` script.
  - Boundary markers: The skill does not implement boundary markers or instructions to ignore instructions embedded in the project files during the template replacement process.
  - Capability inventory: The skill possesses `Write`, `Bash`, `Read`, and `Glob` capabilities as defined in the frontmatter.
  - Sanitization: There is no evidence of input validation or sanitization for the project names or stack descriptions before they are interpolated into the generated files.
Audit Metadata