peach-setup-harness

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to delete specific directories and files (.cursor/rules/, .cursorrules) using destructive shell commands during the cleanup process. It also recommends direct execution of database CLI tools (psql, mysql) if the specialized query skill is unavailable.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local configuration files, specifically api/env.local.yml, to extract database connection details and environment metadata. This exposure of potential credentials to the agent context is a documented data security concern.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill reads and processes the contents of CLAUDE.md and AGENTS.md to guide its setup workflow without implementing security measures:
      ◦ Ingestion points: Reads project-level documentation files in Step 1.
      ◦ Boundary markers: Absent; there are no instructions to delimit or ignore instructions contained within the read files.
      ◦ Capability inventory: Includes file system deletion (rm -rf), file creation, and database query execution.
      ◦ Sanitization: No validation or filtering is performed on the ingested content before it is used to determine subsequent agent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 12:12 PM