boilersync-template

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing boilersync CLI commands, including init, pull, and push for managing local projects.
  • [EXTERNAL_DOWNLOADS]: The documentation includes examples of cloning template sources from external Git repositories using the boilersync templates init command.
  • [PROMPT_INJECTION]: The skill documents a template engine that processes external variables (e.g., project name, description, author info) using $${variable_name} syntax, which constitutes an indirect prompt injection surface.
      • Ingestion points: Variables derived from user input are interpolated into files and folder names during project generation (SKILL.md).
      • Boundary markers: Uses $${ } delimiters for content and ALL CAPS placeholders for filenames.
      • Capability inventory: The tool performs file system writes and Git operations via the boilersync CLI.
      • Sanitization: No explicit sanitization or input validation for these variables is documented in the provided file.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 02:35 AM