Skills
skills/doccker/cc-use-exp/project-init/Gen Agent Trust Hub

project-init

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill distributes templates with hardcoded default passwords for critical services. \n
  • Evidence: assets/docker-compose-mysql.yml.tmpl contains default passwords app123, admin123, and root123. \n
  • Evidence: assets/docker-compose-redis.yml.tmpl and assets/docker-compose-sqlite.yml.tmpl contain a default ADMIN_PASS set to admin123. \n
  • Evidence: assets/restart-go.sh.tmpl and assets/restart-java.sh.tmpl include fallback credentials admin123 within the shell scripts. \n- [COMMAND_EXECUTION]: Utility scripts for service management execute powerful shell commands. \n
  • Evidence: assets/restart-go.sh.tmpl and assets/restart-java.sh.tmpl use pkill to terminate running processes and nohup to execute binaries in the background. \n- [EXTERNAL_DOWNLOADS]: Initialization and restart processes involve downloading content from external sources. \n
  • Evidence: assets/restart-go.sh.tmpl and assets/restart-java.sh.tmpl perform git pull from remote repositories and npm install for dependency resolution. \n
  • Evidence: assets/Dockerfile-go-frontend.tmpl and assets/Dockerfile-go.tmpl utilize npm ci and go mod download to fetch external packages.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 01:18 AM