initialization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The skill executes a series of local shell scripts for project detection, dependency verification, and directory structure initialization.
- [Dynamic Execution] (LOW): The create-init-script.sh script generates executable bash files (init.sh) that perform framework-specific setup tasks like installing packages via npm or pip.
- [Prompt Injection] (LOW): The global-init script writes persistent behavioral rules and 'Truly Any Time Skills' enforcement to the agent's global configuration file, which influences agent behavior across all sessions.
- [Data Exposure] (SAFE): Diagnostic scripts verify the presence of required environment variables and check local database connectivity (e.g., PostgreSQL/SQLite) without exfiltrating or logging sensitive values.
- [Indirect Prompt Injection] (LOW): The create-feature-list script parses user-provided markdown files into JSON progress trackers; while it performs basic escaping of double quotes, it relies on simple regex-based ingestion.
Audit Metadata