bootstrap-auto

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from multiple external sources.
      • Ingestion points: External data enters the context via the 'researcher' subagents (web research) and user requirements passed through the $ARGUMENTS variable.
      • Boundary markers: While user requirements are wrapped in tags, research reports generated by subagents lack clear delimiters or instructions to ignore embedded commands.
      • Capability inventory: The agent possesses capabilities for file system modification (docs-manager), code execution (tester/debugger subagents), and external network interactions (git-manager).
      • Sanitization: There is no explicit sanitization or filtering logic described for the content returned by researchers before it is used to influence the implementation and testing phases.
  • [COMMAND_EXECUTION]: The workflow requires the execution of build commands, type checking, and automated tests via the 'tester' and 'debugger' subagents. This involves running code that is dynamically generated during the implementation phase based on external research inputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 10:39 PM