grace-init
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists of instructional Markdown and XML template files. It does not contain or execute any Python, Node.js, or shell scripts.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by interpolating user-provided metadata directly into project files. While the skill itself has no dangerous capabilities, the resulting files could influence subsequent AI agent actions if they process these documents.
- Ingestion points: User-provided project name, annotation, keywords, and technology stack details collected in SKILL.md (Step 1).
- Boundary markers: None present in the
assets/template files to delimit interpolated user variables. - Capability inventory: The skill is restricted to file system write operations for project documentation (
docs/*.xmlandAGENTS.md). - Sanitization: No sanitization, escaping, or validation of user-provided strings is performed before they are written to the templates.
Audit Metadata