project-init

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads the global configuration file located at ~/.claude/CLAUDE.md. This is a sensitive location used to store cross-project agent instructions. The skill uses this data to ensure project-specific documentation adheres to a 'global protocol' defined by the user.
  • [COMMAND_EXECUTION]: The skill utilizes a local shell script scripts/init.sh to perform environment detection and directory scaffolding. These operations are standard for a project initialization tool.
  • [REMOTE_CODE_EXECUTION]: The workflow involves delegating skill installation to an external utility named skill-manager. If the utility is missing, the skill provides an installation command pointing to the author's GitHub repository (github.com/cat-xierluo/legal-skills). This is consistent with the vendor's documented ecosystem.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It reads untrusted project files (such as package.json and README.md) and interpolates their content into the generated CLAUDE.md file. Since CLAUDE.md serves as the agent's primary instruction set for the project, malicious content in the scanned files could potentially influence the agent's future behavior. However, this is a common architectural risk in context-aware agents.
  • [SAFE]: Static analysis identified potentially destructive commands in references/settings-template.json. Upon review, these strings are contained within a deny list intended to restrict the agent's permissions, which is a defensive security measure rather than a threat.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:24 AM
Security Audit — agent-trust-hub — project-init