craft-project-setup
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a standard detection and generation workflow for project configuration without any signs of data exfiltration or unauthorized file access.
- [PROMPT_INJECTION]: The skill includes instructions to the agent regarding its persona and the omission of AI attribution to maintain consistency with human-authored code. These are workflow preferences and do not bypass any safety filters or security controls.
- [CREDENTIALS_UNSAFE]: The generated security rules explicitly instruct developers to use environment variables for sensitive data and warn against hardcoding secrets, which is an industry-standard security practice.
- [COMMAND_EXECUTION]: The skill configures the agent to use established tools like DDEV and the GitHub CLI (gh). The usage patterns are consistent with normal development workflows and do not involve arbitrary or dangerous command execution.
Audit Metadata