setup-chalk
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted data from a local repository (READMEs, configuration files, and source code). If these files contain malicious instructions, they could influence the agent's behavior during the analysis or generation phases.
  - Ingestion points: README.md, package.json, source files (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Bash, Write, Read, Glob, Grep (SKILL.md).
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill requires the Bash tool to perform repository scans (grep, glob). While the instructions specify scanning tasks, the Bash tool provides a broad execution surface on untrusted file paths.