cdd-init-project
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download project boilerplate and contract files from
https://github.com/ruphware/cdd-boilerplate. This is a vendor-owned resource belonging to 'ruphware' and is used as the intended canonical source for the project initialization workflow. - [COMMAND_EXECUTION]: The skill facilitates the execution of git commands (init, remote, push) and local file operations. These actions are explicitly protected by 'High-impact action guardrails' requiring separate user confirmation for each step.
- [PROMPT_INJECTION]: The skill includes instructions to strictly follow a specific project structure and methodology ('Contract-surface taxonomy'). These are legitimate project constraints and do not attempt to bypass agent safety filters or override system instructions.
- [DATA_EXFILTRATION]: No patterns of sensitive data access or exfiltration were detected. Network access is restricted to the bootstrap process and requires explicit user consent.
Audit Metadata