cc-init
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions focus on project structure and documentation generation. There are no attempts to bypass safety filters, extract system prompts, or use adversarial role-play patterns.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote downloads. All utility scripts and templates are part of the skill's own package and are copied locally.
- [DATA_EXFILTRATION]: No network operations or credential-harvesting behaviors were identified. The skill only interacts with the local file system to organize project assets.
- [COMMAND_EXECUTION]: The skill includes utility scripts intended for local execution. These scripts (read-yaml.mjs, validate-yaml.mjs, etc.) use standard Node.js modules like 'fs' and 'path' to perform transparent tasks without executing arbitrary shell commands or remote code.
- [SAFE]: The skill follows standard development workflows for project bootstrapping, including tech stack detection, directory creation, and generating .gitignore files. All provided scripts are well-documented and functional as described.
Audit Metadata