swain-init
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the 'uv' installer script from Astral's official domain (astral.sh) and executes it to provide Python environment management capabilities.
- [EXTERNAL_DOWNLOADS]: Installs the 'pre-commit' framework and 'tmux' terminal multiplexer using standard package managers (uv and brew) to support security and workspace features.
- [EXTERNAL_DOWNLOADS]: Adds the 'obra/superpowers' skill to the agent's environment using the 'npx skills add' command.
- [COMMAND_EXECUTION]: Configures shell shortcuts by appending function templates to user profile files (e.g., .bashrc, .zshrc, or config.fish). This action is documented and requires user confirmation.
- [COMMAND_EXECUTION]: Dynamically creates executable symlinks within 'bin/' and '.agents/bin/' to expose utility scripts found within the skill tree as commands.
- [PROMPT_INJECTION]: The skill performs semantic analysis on the project's README.md to propose architectural artifacts, which creates a surface for indirect prompt injection.
- Ingestion points: README.md (via Read tool).
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are applied during the read phase.
- Capability inventory: Performs file-writing operations for vision, design, journey, and persona artifacts through the 'swain-design' skill.
- Sanitization: Mitigated by a mandatory human-in-the-loop review where the operator must approve, edit, or reject every proposal before any files are created.
Audit Metadata