Skills
skills/khw1031/ai-library/project-initializer/Gen Agent Trust Hub

project-initializer

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to create projects and install dependencies using framework-specific CLIs like npx, uv, and go (SKILL.md, Phase 4).
  • [EXTERNAL_DOWNLOADS]: Downloads frameworks and project templates from official registries like NPM, PyPI, and Go Proxy (references/framework-profiles.md).
  • [PROMPT_INJECTION]: Potential for indirect prompt injection via the WebSearch phase. Malicious content in search results could manipulate the technical stack confirmation or the commands generated for execution.
  • Ingestion points: Web search results for project configuration (SKILL.md, Phase 2).
  • Boundary markers: Uses technical stack confirmation in Phase 3 for user oversight.
  • Capability inventory: Shell command execution for project scaffolding and package installation (SKILL.md, Phase 4).
  • Sanitization: Implements a cross-verification strategy in references/web-search-strategy.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 08:22 PM