install-rules
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external, user-specified Git repositories.\n
- Evidence: Behavior 1 in SKILL.md describes cloning or fetching rules from a Git
owner/repoor full URL provided by the user.\n- [COMMAND_EXECUTION]: The skill performs persistent file system modifications by writing to IDE configuration paths.\n - Evidence: SKILL.md outlines writing
.mdcfiles to./.cursor/rules/and modifying./.trae/project_rules.md.\n- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting untrusted data and writing it to high-influence configuration files.\n - Ingestion points: Rules read from remote Git repositories (SKILL.md).\n
- Boundary markers: None. The instructions mandate preserving the rule body exactly as provided in the source.\n
- Capability inventory: File system write operations to
.cursor/rules/and.trae/project_rules.mdwhich control agent behavior.\n - Sanitization: None. The content is preserved without filtering or escaping.
Audit Metadata