project-kickoff
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a local Python script (
scripts/tidy_permissions.py) to analyze and report on project permission settings. This script identifies leaked secrets, shell fragments, and deprecated configuration patterns to help maintain environment hygiene. - [COMMAND_EXECUTION]: Automates project setup tasks using the GitHub CLI (
gh repo create) and Git (git init). These actions are performed upon user confirmation and target the author's GitHub organization ('jezweb') by default. - [COMMAND_EXECUTION]: Recommends project-specific permission presets that include broad access patterns such as
Bash(git *),Bash(curl *), andBash(node *). These are intended to facilitate development tasks in newly scaffolded projects. - [PROMPT_INJECTION]: The skill analyzes existing
.claude/settings.local.jsonfiles, which presents an indirect prompt injection surface where maliciously crafted configuration entries could influence the agent's report. - Ingestion points: The contents of
.claude/settings.local.jsonare read and processed by thetidy_permissions.pyscript. - Boundary markers: No specific boundary markers or delimiters are used when reading the settings file to separate it from instructions.
- Capability inventory: The skill possesses capabilities for local script execution and repository management via Git and the GitHub CLI.
- Sanitization: The analysis script uses regular expressions for pattern matching and standard JSON parsing rather than executing input strings directly.
Audit Metadata