init-deep
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted project files. During the discovery phase, it reads existing
AGENTS.mdandCLAUDE.mdfiles to extract insights and conventions which are then used to guide the documentation generation process. - Ingestion points: Files located via
find . -type f \( -name "AGENTS.md" -o -name "CLAUDE.md" \)are read in Phase 1 of the workflow inSKILL.md. - Boundary markers: The skill instructions do not specify any delimiters or safety markers to isolate the content of the read files from the agent's core instructions.
- Capability inventory: The skill has the ability to spawn additional agents (
multi_agent_v1.spawn_agent), execute shell commands for analysis, and write or edit files on the filesystem. - Sanitization: There is no evidence of content sanitization or validation performed on the data extracted from existing project documentation before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill utilizes bash scripts to perform structural analysis of the repository. It executes commands such as
find,awk,wc,sed,sort, anduniqto measure project scale (file counts, line counts, directory depth) and determine the number of sub-agents to spawn dynamically.
Audit Metadata