init-project
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/generate.py` script executes shell commands to detect the system's language using `subprocess.run(shell=True)`. While the commands are defined in the skill's own `config.yaml`, the use of shell execution is a security best-practice violation and a potential risk vector if the configuration is manipulated.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted project metadata (such as titles and descriptions from `README.md`) and interpolating it directly into generated AI instruction files (`AGENTS.md`, `CLAUDE.md`). A malicious project could inject instructions that influence the behavior of agents reading these documents.
  - Ingestion points: Project metadata files including `README.md`, `pyproject.toml`, and `package.json` processed in `scripts/generate.py`.
  - Boundary markers: Absent; untrusted content is inserted into Markdown templates without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Local file writing for project documentation and shell command execution via language detection in `scripts/generate.py`.
  - Sanitization: Absent; the `replace_placeholders` method in `scripts/generate.py` performs simple string replacement without validation or escaping.
Audit Metadata