bookstrap-archive-project
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill defines a command and its parameters through documentation but does not provide any scripts or compiled code.
- [DATA_EXFILTRATION]: The skill is designed to send project data to external cloud storage services including S3, Google Cloud, and Azure. This network activity is the primary stated purpose of the archiving tool.
- [COMMAND_EXECUTION]: The archiving process involves local file operations such as high-ratio compression and the optional deletion of source files after the archive is verified.
- [PROMPT_INJECTION]: The skill reads and analyzes untrusted project files to produce word counts, entity lists, and chapter summaries, creating a surface for indirect prompt injection.
- Ingestion points: Project documents and source files read during metadata generation in SKILL.md.
- Boundary markers: The skill does not describe the use of delimiters or protective instructions when parsing file content.
- Capability inventory: Cloud storage upload capabilities and local file removal operations.
- Sanitization: No sanitization or content filtering is specified for the data ingested from project files.
Audit Metadata