project-init-orchestrator
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (e.g., python3 scripts/scaffold.py) and standard package manager commands (npm, bun, pnpm) to set up project directories and configurations. Execution is based on user-supplied paths and parameters.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user data (tech stack, project path, and preferences) which is then used to direct the initialization orchestration.
  - Ingestion points: The 'Phase 1: GATHER CONTEXT' section in SKILL.md defines where external user input enters the execution context.
  - Boundary markers: Absent; the instructions do not include delimiters or specific guidance to the agent to disregard instructions potentially embedded within the configuration data.
  - Capability inventory: The orchestrator has the capability to run arbitrary shell commands via the python3 calls and modify configuration files across the entire project root.
  - Sanitization: Absent; the skill lacks mechanisms to validate or escape user-provided strings before they are used in orchestration steps.