bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a configuration assistant for project onboarding, adhering to its stated purpose of creating directory structures and documentation files.
- [COMMAND_EXECUTION]: The skill uses tools to create directories and write files such as CLAUDE.md and strategy/brand.md to establish a marketing project's foundation. This behavior is consistent with the skill's functional description and is limited to the local working directory.
- [PROMPT_INJECTION]: The migration phase reads local files (BRAND.md, SOUL.md, MEMORY.md) to preserve user context during structure updates. While this is an ingestion surface for indirect prompt injection, it is restricted to the local workspace and is a core part of the onboarding process. Ingestion points: BRAND.md, SOUL.md, MEMORY.md. Boundary markers: None. Capability inventory: Write tool for file/folder creation. Sanitization: None.
Audit Metadata