project-init
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's reference documentation (guide.md) explicitly suggests running
npx skills add Alicoder001/agent-skills. This encourages downloading and executing packages from an unverified third-party repository not included in the trusted organizations list. - [COMMAND_EXECUTION] (LOW): The skill generates and displays shell commands (e.g., pnpm dev, npm test) for the user to execute based on their environment.
- [PROMPT_INJECTION] (LOW): The skill analyzes local files such as
package.jsonand.agents/CONTEXT.mdto automate setup. This creates a surface for indirect prompt injection if these files are manipulated to contain malicious instructions. Evidence Chain: 1. Ingestion points: package.json, .agents/CONTEXT.md, tsconfig.json. 2. Boundary markers: Absent. 3. Capability inventory: Filesystem write access to .agents/CONTEXT.md. 4. Sanitization: Absent; values are directly interpolated into the output context.
Audit Metadata