init

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local bash scripts to perform environment discovery and project setup.
    • The scripts (check-existing.sh, detect-branch.sh, detect-tech-stack.sh, detect-versions.sh, and verify-setup.sh) use standard system utilities like find, git, grep, and sed to analyze the project structure.
    • These scripts are part of the skill's own package and do not involve remote downloads or external command execution.
  • [DYNAMIC_CONTEXT_INJECTION]: The skill uses the !command syntax in SKILL.md to inject project-specific information into the agent's context at load time.
    • This includes running scripts to detect the current git branch and tech stack.
    • One injection (gitignore-add.sh) has a side effect: it modifies the .gitignore file. Context injections are typically read-only, but this action is directly aligned with the 'init' purpose of the skill and occurs within the project's own directory.
  • [DATA_EXPOSURE]: The analysis confirms that the skill only accesses standard project configuration files (e.g., Gemfile, package.json, pyproject.toml) to extract version information and framework names.
    • No access to sensitive directories (like .ssh, .aws) or environment secrets was detected.
    • No network operations or exfiltration patterns were found.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:40 AM