project-init
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for project environment discovery (ls, find), configuration verification (cat, grep), and setup tasks (cp, chmod). Specifically, it grants execution permissions to hook scripts within the project directory.
- [EXTERNAL_DOWNLOADS]: Fetches and executes the @modelcontextprotocol/server-memory package using npx during the optional MCP configuration phase. This package is provided by a well-known service.
- [PROMPT_INJECTION]: The skill identifies and processes data from local project files (e.g., README.md, package.json) to populate the generated CLAUDE.md instructions, creating an indirect prompt injection surface. Evidence:
  1. Ingestion points: Reads metadata and descriptions from package.json, README.md, and pyproject.toml.
  2. Boundary markers: Absent; the ingested content is directly interpolated into the output instructions.
  3. Capability inventory: The skill can execute shell commands, copy files, and install packages.
  4. Sanitization: No sanitization or filtering is applied to the data extracted from the project files before it is included in the instruction template.