Skills
skills/eljun/kt-skills/bootstrap-project/Gen Agent Trust Hub

bootstrap-project

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones a project template from the repository https://github.com/eljun/kt-monorepo-template.git. This is an external source owned by the skill's author.
  • [REMOTE_CODE_EXECUTION]: The workflow runs npm install in the cloned project directory, which executes any installation or lifecycle scripts defined in the template's package.json. Additionally, the skill uses npx -y sanity@latest to execute remote code from the Sanity package registry.
  • [COMMAND_EXECUTION]: The skill executes multiple sensitive commands using CLIs like gh, vercel, git, and npm. Specifically, it uses gh repo create eljun/{slug} which hardcodes the GitHub namespace to the author's account (eljun), potentially creating the repository in an unintended location for the user.
  • [DATA_EXFILTRATION]: The skill pulls environment variables (potentially containing secrets) from Vercel using vercel env pull .env.local. It then performs a git add . and git push. If the provided template's .gitignore file does not correctly exclude .env.local, these sensitive secrets would be uploaded to a remote GitHub repository.
  • [COMMAND_EXECUTION]: The skill uses rm -rf to delete the .git directory of the cloned template and performs text substitutions across the project files using grep and redirection, which are powerful filesystem operations.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 09:15 AM
Security Audit — agent-trust-hub — bootstrap-project