project-bootstrapper
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a structural framework and template generator for project documentation. It focuses on establishing secure development lifecycles and does not perform sensitive operations.
- [SAFE]: The Python utility
scripts/validate_bootstrap.pyuses standard library modules (os,re,json,pathlib) to perform static checks on generated text files. It contains no code execution, network access, or file modification logic beyond reading targeted skills. - [SAFE]: Documentation in
references/generation-guide.mdandreferences/security-hardeningpromotes industry-standard security practices, such as preventing SQL injection through parameterized queries, enforcing strict Content Security Policies (CSP), and utilizing secure cryptographic hashing (Argon2id). - [SAFE]: The skill includes explicit instructions in
SKILL.mdto wait for user confirmation before proceeding with tech stack or skill map generation, ensuring human-in-the-loop control over project initialization. - [SAFE]: No obfuscation, data exfiltration patterns, or unauthorized persistence mechanisms were found across the nine files provided.
Audit Metadata