handlebar-setup
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from the local codebase to determine agent intent, tools, and frameworks, creating a surface for indirect prompt injection.
  - Ingestion points: Reads local project files, including source code and package manifests (Step 2 and Step 4).
  - Boundary markers: The skill does not employ specific delimiters or instructions to ignore potentially malicious content within the analyzed codebase.
  - Capability inventory: The skill has the capability to write a configuration file to the local filesystem at .claude/.handlebar/agent-config.json.
  - Sanitization: No evidence of sanitization or content validation is present for the data extracted from the codebase.
- [EXTERNAL_DOWNLOADS]: The skill directs users to download and install packages from the @handlebar scope on npm and other well-known AI SDKs. As these are vendor-provided or well-known official libraries, they are considered safe.
- [SAFE]: All external URL references point to the vendor's official domain (gethandlebar.com). The operations are consistent with the skill's primary purpose of configuring a governance service.
Audit Metadata