trellis-spec-bootstarp

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading external code analysis tools from remote repositories and package registries.
  • Evidence: 'go install github.com/cloudwego/abcoder@latest' in 'references/mcp-setup.md' fetches source code from a public GitHub repository.
  • Evidence: 'npx gitnexus analyze' in 'references/mcp-setup.md' downloads and runs a package from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The workflow involves executing binaries and MCP servers that are sourced from external providers.
  • Evidence: The skill instructs the agent to run 'npx -y gitnexus mcp' and 'abcoder mcp ~/abcoder-asts' to provide the agent with architectural context.
  • [COMMAND_EXECUTION]: The skill relies on multiple shell commands to perform repository analysis and verify tool setup.
  • Evidence: 'npx gitnexus status', 'abcoder parse ...', and 'grep -R ...' commands are used to process the repository and finalize documentation.
  • [PROMPT_INJECTION]: The skill's primary function is to ingest and interpret data from a repository, which is an untrusted external source.
  • Ingestion points: File paths, source code files, package manifests, and documentation found within the target repository ('references/repository-analysis.md').
  • Boundary markers: There are no instructions to use specific delimiters or to warn the agent against following instructions embedded in the analyzed codebase.
  • Capability inventory: The skill possesses the capability to execute shell commands (via 'npx' and 'go'), read arbitrary files in the repository, and write documentation files to '.trellis/spec/'.
  • Sanitization: The instructions do not mention any sanitization, filtering, or validation of the content read from the repository before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 02:16 PM
Security Audit — agent-trust-hub — trellis-spec-bootstarp