ai-repo-setup
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to create symbolic links (e.g., `ln -s AGENTS.md CLAUDE.md`) and generates bash scripts for automation hooks in the `.claude/hooks/` directory.
- [COMMAND_EXECUTION]: The agent is instructed to use `chmod +x` to grant execution permissions to dynamically created shell scripts.
- [EXTERNAL_DOWNLOADS]: The skill recommends and facilitates the installation of various third-party Node.js packages (e.g., `lefthook`, `husky`, `oxlint`, `biome`) from public registries to establish linting and testing workflows.
- [REMOTE_CODE_EXECUTION]: The skill generates and configures locally executed scripts and plugins (Claude Code hooks and OpenCode plugins) that intercept and modify agent behavior at runtime based on provided templates.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting and processing content from untrusted repository files and external issue trackers.
  - Ingestion points: Repository configuration files (`package.json`), existing documentation (`REQUIREMENTS.md`), and external issue tracker items (Linear, Jira, GitHub).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when reading untrusted external data.
  - Capability inventory: Includes file writing, symbolic link creation, shell script generation, and package installation.
  - Sanitization: No explicit sanitization or validation of the data retrieved from trackers or local files is required by the current instructions.
Audit Metadata