initialization
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates project setup through various shell scripts, including detecting project frameworks (
detect-project.sh), initializing directory structures (init-project.sh), and setting up progress tracking mechanisms (init-progress.sh). It also generates and modifies executable scripts for development server initialization. - [EXTERNAL_DOWNLOADS]: Templates and generated initialization scripts (
init.sh) include instructions for standard package managers such aspip,npm,cargo, andgo modto install necessary project dependencies from public registries. - [PROMPT_INJECTION]: The skill configures a global configuration file at
~/.claude/CLAUDE.mdwhich includes operational rules (e.g., "Sacrifice grammar for brevity") and enforces specific skill usage sequences, which effectively guides and overrides default agent behaviors for future sessions. - [DATA_EXFILTRATION]: Connectivity checks in
check-dependencies.shuse tools likencandpg_isreadyto verify access to configured databases and services. These network operations are limited to verifying project readiness based on local configuration files.
Audit Metadata