project-starter-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill is hardcoded to install dependencies (commiter, changelog-updater) from an untrusted source (https://github.com/Baxahaun/MySkills). This repository is not within the trusted scope, posing a supply chain risk.
- COMMAND_EXECUTION (HIGH): The core functionality involves executing `scripts/init_project.py` and various `npx skills` commands. Executing local scripts that are not part of the standard library or a trusted package is a high-risk operation.
- CREDENTIALS_UNSAFE (HIGH): Phase T (Tests) in `references/etapa-cycle.md` explicitly commands the agent to read the `.env` file and verify credentials. This provides the agent with direct access to sensitive secrets which could be exfiltrated if the agent is compromised by indirect injection.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill has a large vulnerability surface where untrusted user input from 'Step 1: Discovery' is used to define the project's 'Constitution' (`genesis.md`). This document then dictates the generation of subsequent tools and logic.
  - Ingestion points: User discovery questions (SKILL.md Step 1).
  - Boundary markers: Absent; user input is directly interpolated into project documentation.
  - Capability inventory: Python script execution, skill installation, and GitHub repository creation.
  - Sanitization: No explicit sanitization or filtering is mentioned for user-provided project rules.
- DYNAMIC_EXECUTION (MEDIUM): The autonomy matrix (`references/autonomy-and-recovery.md`) grants the agent 'Green Level' permission to create, edit, and execute scripts in the `tools/` directory. This allows for the generation and execution of arbitrary logic without human-in-the-loop verification.
Recommendations
- AI detected serious security threats
Audit Metadata