bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system-level commands to set up the local development environment. Evidence: Steps 5 and 6 explicitly call for the execution of `git init` and package installation commands including `npm install`, `bun install`, `pnpm install`, and `pip install`.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs third-party software from well-known package registries. Evidence: Step 6 automates the installation of development tools such as Biome, Ruff, Vitest, and pytest based on the detected or chosen technology stack.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection when working with existing codebases. Evidence:
  1. Ingestion points: Steps 1 and 4 read content from existing manifests like `package.json` or `pyproject.toml` and documentation in the `docs/` directory.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands within existing files are specified.
  3. Capability inventory: The skill can write files, initialize git, and execute package manager installations.
  4. Sanitization: No sanitization or validation of the content read from existing project files is performed before it influences agent actions.