project-setup-info-local
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution]: The skill initiates project setup using npx to execute scaffolding packages such as create-next-app and create-vite. This is a standard method for bootstrapping modern web and extension projects.
- [External Data Ingestion]: Documentation is retrieved from external official sources to guide MCP server setup. This represents a potential surface for indirect prompt injection.
  - Ingestion points: fetch_webpage tool retrieves content from modelcontextprotocol.io.
  - Boundary markers: None explicitly defined for the external text to distinguish it from system instructions.
  - Capability inventory: File system access for creating mcp.json and updating .github files, and VS Code command execution.
  - Sanitization: Not explicitly performed on the fetched text.
- [VS Code Integration]: The skill uses official VS Code commands to initialize Python environments and install relevant extensions, which represents normal integration with the development environment.