squad-init
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands to determine project names and retrieve git remote URLs.
- [DATA_EXFILTRATION]: Sends project metadata, including technology stack and repository details, to the vendor's Squad board API at steloit-squad.vercel.app.
- [PROMPT_INJECTION]: Reads CLAUDE.md to extract project purpose and tech stack. This content is then sent to an external service, creating a surface for indirect injection. Ingestion point: CLAUDE.md; Capability: Network POST via curl; Sanitization: Safe JSON construction with jq.
Audit Metadata