project-setup
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill analyzes local project configuration files (e.g., package.json, pyproject.toml) and the folder structure (including
.git/) to identify the technical stack. This data is used solely to generate local documentation and is never transmitted externally. - [COMMAND_EXECUTION]: The skill identifies build and test commands by reading project files but does not execute them. It only records these commands as references within the generated
CLAUDE.mdandconfig.yamlfiles. - [PROMPT_INJECTION]: No attempts to override agent behavior, bypass safety guidelines, or extract system prompts were detected. The instructions follow a standard procedural format.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data.
- Ingestion points: Reads content from
package.json,README.md, and other configuration files in the project root. - Boundary markers: No explicit markers are used when interpolating detected strings into documentation templates.
- Capability inventory: The skill has file-writing capabilities across the project directory but does not have network access or code execution capabilities.
- Sanitization: No explicit sanitization of ingested project metadata is performed before writing it to files.
Audit Metadata