project-new
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create directories and write template files (project.md) to the local file system under ~/.config/finance-skills/projects/. This is a standard administrative operation for project management and does not involve arbitrary or dangerous command execution.
- [DATA_EXPOSURE]: The skill follows security best practices by explicitly stating that project directories must not store API credentials, which are isolated in a separate configuration path. It uses the standard ~/.config/ directory for application data.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an ingestion surface for untrusted data as it takes user-supplied strings (project names, owners, descriptions) and interpolates them into markdown templates.
  - Ingestion points: User inputs collected during Step 3 and Step 5 of the interaction flow.
  - Boundary markers: The markdown template does not currently define specific delimiters or warnings to ignore embedded instructions in the generated file.
  - Capability inventory: The agent is authorized to create directories and write files to the project space.
  - Sanitization: No specific sanitization or validation rules are provided for the user-supplied strings before they are written to disk. While this presents a minor theoretical surface for injection if the generated files are later parsed by an AI, it is inherent to the skill's intended purpose.
Audit Metadata