blueprint-init
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the Bash tool to execute a
findandgreppipeline to identify existing markdown documentation files within the repository for migration purposes. - [DATA_EXFILTRATION]: Scans the project directory for configuration files (like
package.jsonorpyproject.toml) and documentation to populate project metadata. It also specifies a check for secrets within the.claude/directory to advise on.gitignoreusage, though no external exfiltration logic is present. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted content from existing markdown documentation files to categorize and move them.
- Ingestion points: Reads content from existing markdown documentation and project-specific configuration files during the migration and manifest creation steps.
- Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing the external file content.
- Capability inventory: Includes file read/write operations, directory creation, and execution of Bash commands.
- Sanitization: There is no evidence of sanitization or validation of the content found within the markdown files before it is analyzed for document type classification.
Audit Metadata