brand-init
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like cat, jq, and git log to extract information from the user's project files and repository history.
- [COMMAND_EXECUTION]: It invokes a Node.js CLI located at a specific local path (~/Development/brand-kit/dist/src/cli.js) to perform brand data migration, validation, and style compilation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted data from the filesystem. 1. Ingestion points: The skill reads package.json, README.md, and git log output. 2. Boundary markers: No delimiters or ignore instructions are used for the ingested data. 3. Capability inventory: The skill can execute shell commands and run a specialized Node.js CLI tool. 4. Sanitization: No sanitization is performed on the content read from the project files.
Audit Metadata