initializing-projects

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill configures .claude/settings.json with PostToolUse hooks to execute standard tools such as prettier, eslint, ruff, and black. These are well-known development tools used to maintain code quality.
  • [EXTERNAL_DOWNLOADS]: The generated hooks may use npx to run commands, which can trigger downloads from the public npm registry for trusted packages.
  • [PROMPT_INJECTION]: The skill scans untrusted project files like README.md and existing CLAUDE.md to extract project context.
    • Ingestion points: README.md, existing CLAUDE.md (Phase 1).
    • Boundary markers: None explicitly defined in the generated file template.
    • Capability inventory: Ability to write files to the project root and configure automated agent hooks.
    • Sanitization: Mitigated by mandatory user confirmation of the auto-detection results and a final verification step before completion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 03:48 PM