trellis-spec-bootstarp
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires downloading external code analysis tools from remote repositories and package registries.
- Evidence: 'go install github.com/cloudwego/abcoder@latest' in 'references/mcp-setup.md' fetches source code from a public GitHub repository.
- Evidence: 'npx gitnexus analyze' in 'references/mcp-setup.md' downloads and runs a package from the npm registry.
- [REMOTE_CODE_EXECUTION]: The workflow involves executing binaries and MCP servers that are sourced from external providers.
- Evidence: The skill instructs the agent to run 'npx -y gitnexus mcp' and 'abcoder mcp ~/abcoder-asts' to provide the agent with architectural context.
- [COMMAND_EXECUTION]: The skill relies on multiple shell commands to perform repository analysis and verify tool setup.
- Evidence: 'npx gitnexus status', 'abcoder parse ...', and 'grep -R ...' commands are used to process the repository and finalize documentation.
- [PROMPT_INJECTION]: The skill's primary function is to ingest and interpret data from a repository, which is an untrusted external source.
- Ingestion points: File paths, source code files, package manifests, and documentation found within the target repository ('references/repository-analysis.md').
- Boundary markers: There are no instructions to use specific delimiters or to warn the agent against following instructions embedded in the analyzed codebase.
- Capability inventory: The skill possesses the capability to execute shell commands (via 'npx' and 'go'), read arbitrary files in the repository, and write documentation files to '.trellis/spec/'.
- Sanitization: The instructions do not mention any sanitization, filtering, or validation of the content read from the repository before it is processed by the agent.
Audit Metadata