project-init

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a slide deck template from the author's GitHub repository: https://github.com/a-green-hand-jack/progress-slides.git.
  • [COMMAND_EXECUTION]: Defines several shell commands for project management and hygiene, utilizing tools like git, gh, uv, ruff, mypy, and pytest. It also references an execution path for a checking script located in a related skill directory: bash <submit-paper-skill-dir>/scripts/check.sh.
  • [PROMPT_INJECTION]: The skill creates agent guidance files (AGENTS.md and CLAUDE.md) which serve as ingestion points for agent instructions. This surface for indirect prompt injection is mitigated by boundary markers instructing agents to maintain visibility tiers and keep private guidance out of public/author-visible branches. The agent's capability inventory includes Read, Write, Edit, Bash, and Glob tools. There is no explicit sanitization for the generated documentation beyond the instructions provided to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 08:33 AM