fp-init
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes 'git tag --list' to discover project version history for feature mining.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes untrusted data from the project's source code, READMEs, and changelogs.
- Ingestion points: Reads project root files, package manifests (package.json, Cargo.toml, etc.), and source code in Phase 1 and Phase 2.
- Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: Performs file system reads and writes, and executes git commands.
- Sanitization: No sanitization or filtering is applied to the content read from project files before it is processed by the agent.
Audit Metadata