setup-rules
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard local utilities like find, grep, git, and ls, along with search tools to inspect the repository. These commands are used for codebase analysis and are not influenced by untrusted remote input.
- [PROMPT_INJECTION]: The skill handles the creation of instructions that influence agent behavior. While it processes codebase content to generate these rules, it mitigates potential indirect prompt injection by requiring user review and manual confirmation (diff review) before any files are written to disk.
- [SAFE]: Analysis of the multi-phase workflow confirms that all operations (file migration, rule generation, and MCP server documentation) are performed locally within the project directory. No evidence of data exfiltration, obfuscation, or unauthorized remote code execution was found.