ai-repo-setup
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard system commands like
ln -sto maintain compatibility across agent tools and recommendschmod +xfor configuring local hook scripts, both of which are common for repository initialization. - [EXTERNAL_DOWNLOADS]: The skill instructs agents to install well-known and reputable developer packages such as Lefthook, Husky, Biome, and Oxlint from standard registries.
- [PROMPT_INJECTION]: The skill provides a framework for analyzing repository structure and requirements, which creates a surface for indirect prompt injection from untrusted code. Ingestion points include project metadata and functional requirements; boundary markers are defined using status-based markdown headers; capabilities include file-system modifications and local command execution; no explicit sanitization is described for the extracted content.
- [DYNAMIC_EXECUTION]: The skill generates templates for local bash scripts and JavaScript plugins to enforce repository rules deterministically, enhancing the reliability of agent tool usage without executing remote unverified code.
Audit Metadata