init
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill describes the use of standard system commands, such as ln -s for Unix-like systems and New-Item for Windows, to create symbolic links. These commands are transparently documented as part of the project setup workflow and are consistent with the skill's primary purpose of syncing AI context files.
- [PROMPT_INJECTION]: The skill possesses a data ingestion surface where it reads project metadata from local configuration files (package.json, pyproject.toml, go.mod) to populate an 'AI Constitution' or instruction template. This is a low-risk, standard development operation.
- Ingestion points: Reads local configuration files from the project root directory as specified in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Reading local files and creating filesystem symbolic links.
- Sanitization: No explicit validation or sanitization of the ingested project metadata is mentioned.
Audit Metadata