project-onboard
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as git diff for incremental updates and npx skills for managing agent extensions based on the project's tech stack.
- [EXTERNAL_DOWNLOADS]: Fetches up-to-date framework documentation from the Context7 service and references trusted repositories like vercel-labs/agent-skills for additional tools.
- [PROMPT_INJECTION]: The skill processes untrusted local files (e.g., README.md, source code) to generate context, creating a surface for indirect prompt injection.
- Ingestion points: Local project files such as package.json, README.md, and ORM schema files.
- Boundary markers: Output generation uses HTML comments for isolation, but the skill lacks explicit markers for processing untrusted inputs.
- Capability inventory: Filesystem read/write access and shell command execution (git diff, npx).
- Sanitization: Implements a strict security rule to avoid reading .env files, mitigating credential exposure risks during scans.
Audit Metadata