bootstrap
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution to install and manage system-level development tools, including Homebrew (brew install), uv, and bun. It also handles directory creation and git initialization.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of external scaffolding tools, specifically invoking npx create-next-app@latest to generate TypeScript projects and using uv or bun update mechanisms.
- [REMOTE_CODE_EXECUTION]: The skill executes external code by running npx create-next-app@latest and performs self-updates for the uv and bun package managers.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection risk by reading an external configuration file (~/.claude/STACK.md) and allowing its content to override default instructions.
- Ingestion points: The skill reads settings from ~/.claude/STACK.md if the file exists.
- Boundary markers: No delimiters or ignore embedded instructions warnings are present when the agent processes the file content.
- Capability inventory: The skill possesses the capability to execute shell commands (brew, uv, bun, npx, git) and write files to the system.
- Sanitization: There is no evidence of validation or sanitization for the content ingested from the external configuration file.
Audit Metadata