init
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
pccommand-line interface to check versioning, retrieve configuration options, and perform the final project initialization with user-specified flags. - [EXTERNAL_DOWNLOADS]: The skill recommends installing the
pipecat-ai-clipackage viauv. This package is an official tool provided by the skill's author and is a trusted resource. - [PROMPT_INJECTION]: The skill takes user input for parameters like project names and directory paths and inserts them into shell commands, creating a potential surface for indirect prompt injection.
- Ingestion points: User-provided values for project name and output directory.
- Boundary markers: No explicit delimiters or instructions are used to isolate user input within the command string.
- Capability inventory: Ability to execute shell commands using the
pcutility. - Sanitization: No explicit sanitization or validation of user-provided strings is performed before command execution.
Audit Metadata