agent-config-setup
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to run `npx create-agent-config`, which fetches and executes the `create-agent-config` package from the public npm registry.
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands (`npm create`, `npx`) to perform system-level operations such as project scanning and file generation.
- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection (Category 8) because it processes untrusted local files to generate instructions for other AI agents.
  - Ingestion points: The tool scans project-specific files including `package.json`, `tsconfig`, and `Dockerfile` (as described in SKILL.md).
  - Boundary markers: No specific delimiters or instructions to disregard embedded instructions within the project files are mentioned.
  - Capability inventory: The skill is designed to write multiple configuration files (`.cursor/rules/*.mdc`, `CLAUDE.md`, `AGENTS.md`, etc.) across the project directory.
  - Sanitization: There is no evidence of sanitization or validation of data extracted from the project files before it is included in the generated agent configurations.
Audit Metadata