Skills
skills/mindfold-ai/trellis/trellis-start/Gen Agent Trust Hub

trellis-start

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script ./.trellis/scripts/get_context.py to retrieve environment state and routing logic.\n- [COMMAND_EXECUTION]: The skill uses cat to read contents from various configuration and index files within the .trellis/ directory to establish developer guidelines.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing local project files and script outputs without explicit boundary markers or sanitization.\n
  • Ingestion points: Output of ./.trellis/scripts/get_context.py and contents of files in the .trellis/spec/ directory.\n
  • Boundary markers: None; data is interpolated into the agent context without delimiters or instructions to ignore potential embedded commands.\n
  • Capability inventory: The skill permits command execution via python3 and file access via cat.\n
  • Sanitization: There is no evidence of validation or sanitization for content read from the local filesystem or script output.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 10:55 PM