Skills
skills/terrylica/cc-skills/bootstrap/Gen Agent Trust Hub

bootstrap

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate automation for environment setup using standard system tools and follows best practices for repository management.
  • [COMMAND_EXECUTION]: Extensive use of Bash scripts in SKILL.md to detect local environment state and generate a bootstrap script. These scripts are transparent and restricted to the session setup task.
  • [EXTERNAL_DOWNLOADS]: Interacts with GitHub via git for repository management and storage of recording chunks. This behavior is documented and aligns with the skill's purpose.
  • [CREDENTIALS_UNSAFE]: Uses the GitHub CLI (gh auth token) to retrieve an authentication token for repository operations. The token is handled as a variable and removed from the local git configuration after the cloning process is complete to minimize exposure.
  • [PROMPT_INJECTION]: Includes instructions in SKILL.md for the AI to self-update the skill's code if it encounters issues, which is a meta-instruction for autonomous maintenance.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 01:41 AM