project-init
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various bash commands, including make targets (dev-setup, test) and a custom initialization script (attune_init.py) located in a local path.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and shell command injection. User-provided metadata such as project names and descriptions are interpolated into shell commands in SKILL.md and project templates in modules/template-rendering.md.
- Ingestion points: User metadata collected via interactive prompts in modules/metadata-collection.md.
- Boundary markers: No delimiters or protective instructions are used to isolate user input from command or template logic.
- Capability inventory: Uses Bash for command execution and Write for generating project files.
- Sanitization: Only basic format validation (lowercase, no spaces) is mentioned, which is insufficient to prevent shell metacharacter injection or template escaping.
Audit Metadata