yc-apply
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a set of local shell scripts (e.g.,
bootstrap-workspace.sh,phase-status.sh,journal-append.sh) to initialize the workspace, track phase transitions, and log project milestones. These scripts are relative to the skill directory and interact only with the user-provided workspace path. - [EXTERNAL_DOWNLOADS]: Phase 3 of the workflow dispatches five parallel subagents to perform targeted research on founders, competitors, and market sizing. These agents use standard platform tools to retrieve data from well-known services such as GitHub, LinkedIn, and Hacker News to populate research files in the workspace.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data including the live YC application form and founder bio inputs which represent a potential attack surface.
- Ingestion points: User-pasted form text in
01_form-spec.md, founder responses in02_founder-profile.md, and external research findings in04_research/. - Boundary markers: The skill does not use explicit delimiters or markers to isolate user-provided text from internal prompts.
- Capability inventory: The agent possesses file system write access via shell scripts and the ability to dispatch subagents with web tools.
- Sanitization: Shell scripts utilize standard double-quoting for variable expansion to prevent common shell injection vulnerabilities during workspace management.
- [SAFE]: The skill implements a strictly defined 10-phase state machine that ensures all necessary data and research are collected before final submission. It does not attempt to access sensitive system directories, harvest credentials, or execute code from untrusted remote sources.
Audit Metadata