project-setup

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes the installation script for the 'uv' package manager from Astral's official domain.
      • Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh in reference/python.md.
  • [PROMPT_INJECTION]: The workflow allows for web searches when internal reference guides are unavailable, creating an entry point for untrusted instructions (Indirect Prompt Injection).
      • Ingestion points: External web search results for project setup best practices in SKILL.md.
      • Boundary markers: Absent; no delimiters or instructions to ignore embedded commands in external data.
      • Capability inventory: The skill executes shell commands for environment setup and tool configuration in reference/python.md and reference/typescript.md.
      • Sanitization: Absent; information from search results is used to guide setup steps without explicit validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:24 AM