init-project
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package is composed entirely of markdown instructions and text templates; it does not include any executable scripts or binaries.
- [SAFE]: Security analysis of the initialization workflow confirms it is restricted to standard local file system operations (creating directories and writing template files) with no indicators of malicious activity.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). Evidence: (1) Ingestion point: User-provided project metadata (name, description) gathered in SKILL.md. (2) Boundary markers: Absent in documentation templates. (3) Capability inventory: Local file system write operations. (4) Sanitization: None identified. This surface is inherent to scaffolding tools and is assessed as safe within this context.
Audit Metadata