project-init
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads the global configuration file located at
~/.claude/CLAUDE.md. This is a sensitive location used to store cross-project agent instructions. The skill uses this data to ensure project-specific documentation adheres to a 'global protocol' defined by the user. - [COMMAND_EXECUTION]: The skill utilizes a local shell script
scripts/init.shto perform environment detection and directory scaffolding. These operations are standard for a project initialization tool. - [REMOTE_CODE_EXECUTION]: The workflow involves delegating skill installation to an external utility named
skill-manager. If the utility is missing, the skill provides an installation command pointing to the author's GitHub repository (github.com/cat-xierluo/legal-skills). This is consistent with the vendor's documented ecosystem. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It reads untrusted project files (such as
package.jsonandREADME.md) and interpolates their content into the generatedCLAUDE.mdfile. SinceCLAUDE.mdserves as the agent's primary instruction set for the project, malicious content in the scanned files could potentially influence the agent's future behavior. However, this is a common architectural risk in context-aware agents. - [SAFE]: Static analysis identified potentially destructive commands in
references/settings-template.json. Upon review, these strings are contained within adenylist intended to restrict the agent's permissions, which is a defensive security measure rather than a threat.
Audit Metadata