init-project
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash tools including mkdir, ln, and git to scaffold project directories, create symlinks, and initialize version control. These operations are restricted to the intended purpose of project setup and are performed within user-specified paths.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8).
  - Ingestion points: User input is collected via AskUserQuestion in the initial interview phase for project metadata.
  - Boundary markers: Absent; user input is interpolated directly into markdown files.
  - Capability inventory: The skill uses the Write tool to create CLAUDE.md and README.md, and Bash for directory management.
  - Sanitization: The skill does not sanitize or validate user-provided strings before writing them to the instruction files, which may be used as context for future agent sessions.