init-project-research

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PRIVILEGE_ESCALATION]: The skill contains instructions to automatically merge global security permissions (allowed and denied tools) from ~/.claude/settings.json into the newly created project's .claude/settings.local.json. This bypasses the security model intended to provide project-specific isolation, propagating global trust to a new, potentially unreviewed directory.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform complex shell operations, including directory scaffolding, symlinking, and git repository management. It also generates a run_all.sh script designed to execute Python, R, and Stata scripts automatically based on file extensions, which represents a broad surface for command execution.
  • [CREDENTIALS_UNSAFE]: Instructions in references/round-1-venue.md specify that certain features (journal SJR score lookups) require a SCOPUS_API_KEY. While no keys are hardcoded, the skill is designed to interact with and potentially expose sensitive API credentials stored in the environment.
  • [DATA_EXFILTRATION]: The skill is configured to read from sensitive configuration paths such as ~/.claude/settings.json, ~/.config/task-mgmt/, and the ~/Research-Vault. It also has the capability to create remote GitHub repositories (gh repo create) and push content, which could be used to exfiltrate discovered configuration or research data.
  • [PROMPT_INJECTION]: Phase 1 (Pre-Interview) involves scanning existing project files (LaTeX and Markdown) to extract metadata like titles, authors, and abstracts. This creates a surface for indirect prompt injection if the project directory contains malicious files designed to influence the agent's behavior during the interview-driven setup.
  • [REMOTE_CODE_EXECUTION]: The skill uses uv run python to execute local scripts like packages/atlas-vault/schema.py and generate_recap.py. While these appear to be part of the local environment, the use of uv and sub-agent tasks allows for the dynamic loading and execution of code based on project state.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 01:54 AM