install-rules
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch rule files from user-specified Git repositories. This is the intended primary function of the skill and typically involves well-known hosting services like GitHub.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external content that functions as system instructions (rules) for IDE agents, creating a surface for indirect prompt injection.
- Ingestion points: Remote Git repositories (owner/repo) or local project directories as defined in SKILL.md.
- Boundary markers: Implements managed blocks using HTML comments (e.g., <!-- ai-cortex:begin -->) for Trae configurations to isolate installed content.
- Capability inventory: The skill utilizes filesystem write capabilities to create or modify files in .cursor/rules/ and .trae/project_rules.md.
- Sanitization: While the skill does not explicitly sanitize the rule content, it enforces a strict safety protocol requiring the agent to generate an 'Installation Plan' and obtain explicit user confirmation before any files are created or modified, effectively mitigating the risk of unauthorized or silent instruction overrides.
Audit Metadata