conductor-setup
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell commands such as 'git status', 'git ls-files', 'head', 'tail', and 'git init' for repository discovery and state management. These commands are consistent with the skill's administrative setup functions.
- [COMMAND_EXECUTION]: The provided workflow template instructs the agent to run testing frameworks ('pytest', 'npm test') and manage project history via 'git notes' and 'git commit'. These are standard development tasks.
- [PROMPT_INJECTION]: The skill implements a Category 8 vulnerability surface via its Project Discovery Protocol, which involves reading and analyzing local project files. 1. Ingestion points: 'references/project-discovery.md' reads the directory structure, 'README.md', and dependency manifest files (e.g., 'package.json', 'requirements.txt'). 2. Boundary markers: The skill respects ignore files (.gitignore, .geminiignore) but does not define explicit text delimiters or 'ignore' instructions for the content being summarized. 3. Capability inventory: The skill has permissions to write to the 'conductor/' directory and execute shell commands for Git and testing. 4. Sanitization: No explicit sanitization of the content extracted from READMEs or manifests is documented, though the instructions focus on extraction and summarization rather than direct execution of ingested strings.
Audit Metadata