project-initialization
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected because the skill reads and modifies documentation files that can be influenced by third parties.\n
- Ingestion points: The skill parses
AGENTS.md,CLAUDE.md, and markdown files in.beads/context/.\n - Boundary markers: There are no explicit markers or safety instructions provided to prevent the agent from following instructions embedded in the target files.\n
- Capability inventory: Capabilities include file relocation (
mv), symlink creation (ln -s), and automated text replacement.\n - Sanitization: No sanitization or validation is performed on the ingested content prior to transformation.\n- [COMMAND_EXECUTION]: The skill executes local shell commands to manage files and verify setup.\n
- Evidence: Shell commands used include
ls,mv,ln -s,cat, andgrepfor project organization and verification.
Audit Metadata