bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various framework-specific CLI tools and package manager commands to scaffold projects and install dependencies. Evidence includes instructions to run `npx create-next-app`, `bunx create-vite`, `uv init`, `cargo init`, and `go mod init` (documented in `references/stack-matrix.md`).
- [EXTERNAL_DOWNLOADS]: Fetches project templates and software packages from official registries (NPM, PyPI, Crates.io) and GitHub using standard development tools like `npm`, `pnpm`, `bun`, `uv`, `cargo`, and `go`. For example, it installs well-known packages like `fastapi`, `next`, and `hono` (documented in `references/stack-matrix.md`).
- [PROMPT_INJECTION]: The skill inherits conventions from untrusted local files, which creates a surface for indirect prompt injection where instructions hidden in those files could influence agent behavior during bootstrapping.
  - Ingestion points: Reads `CLAUDE.md`, `package.json`, `pyproject.toml`, `Cargo.toml`, and lockfiles to extract architecture patterns and naming conventions (specified in `references/convention-inheritance.md`).
  - Boundary markers: No explicit boundary markers or instruction-guardrails are defined for the content read from these files.
  - Capability inventory: Performs shell command execution, remote package installation, and file system writes across multiple scripts (detailed in `references/scaffolding-steps.md` and `references/stack-matrix.md`).
  - Sanitization: No sanitization or validation logic is specified for the data extracted from the inherited repository files.
Audit Metadata