setup

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows a standard interactive workflow for project initialization.
  • [COMMAND_EXECUTION]: Executes basic shell commands (test -f and echo) to detect the project stack (e.g., Rails, Python, TypeScript). These operations are benign and intended for environment discovery.
  • [DATA_EXPOSURE]: Manages a local configuration file named compound-engineering.local.md. The skill does not access sensitive system files (like SSH keys or AWS credentials) or perform any network operations to exfiltrate data.
  • [PROMPT_INJECTION]: The instructions are clearly defined and do not contain attempts to override agent safety filters or bypass system instructions.
  • [INDIRECT_PROMPT_INJECTION]: While the skill reads an existing configuration file, it processes the information to either display it or guide the user through a reconfiguration process. There is no automated execution of instructions found within the data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 02:19 AM