start
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script located at
${CLAUDE_PLUGIN_ROOT}/scripts/cli initto initialize the environment when Builder Mode is detected. - [INDIRECT_PROMPT_INJECTION]: The skill reads data from files that may be attacker-controlled within a shared environment, creating a surface for indirect prompt injection.
- Ingestion points: Reads
README.md,package.json,pyproject.toml,CLAUDE.md, andAGENTS.md(specified inSKILL.md). - Boundary markers: None present; the skill directly incorporates content from these files into the user profile.
- Capability inventory: Executes shell commands via the local CLI script (specified in
SKILL.md). - Sanitization: No evidence of sanitization or validation of the ingested file content.
Audit Metadata