do-setup
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill performs an analysis of the project's structure and configuration files (such as package.json, README.md, and stack-specific manifest files) to generate a project summary and convention list. It explicitly excludes sensitive directories like .ssh, .aws, and dependency folders, focusing only on metadata necessary for development environment setup.
- [COMMAND_EXECUTION]: During the installation phase (Step 5), the skill uses standard shell commands (mkdir, cp, rm) to copy its own template files into the project's configuration directories (e.g., .claude/agents/). These operations are local to the skill's distribution and the project directory, serving the intended purpose of setting up orchestration tools.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes untrusted project data (like README.md) to create configuration summaries. Although it lacks explicit boundary markers or sanitization for this ingested content, the risk is mitigated by the skill's narrow operational scope and the mandatory manual tool selection required in Step 0, which prevents fully autonomous or hidden execution on unknown projects.
Audit Metadata