project-initialization
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its reliance on specifications defined in external documents.
- Ingestion points: The agent reads initialization requirements from
specs/技术栈.md,specs/项目结构.md, andspecs/开发规范.md(referenced in SKILL.md). - Boundary markers: There are no markers or instructions used to separate the specification data from agent instructions, making the agent susceptible to embedded prompts within those files.
- Capability inventory: The skill has the ability to execute shell commands (e.g.,
git init,mkdir,npm init) and modify the local filesystem (SKILL.md). - Sanitization: The skill does not perform validation or sanitization on the file content before using it to define command execution paths.
- [COMMAND_EXECUTION]: The skill performs project setup using standard shell utilities.
- Evidence: Workflow steps in SKILL.md explicitly call for the execution of
git init,mkdir -p, and technical stack initialization commands such asnpm initorgo mod init.
Audit Metadata