Skills
skills/queso/ai-team-skills/start-new-app/Gen Agent Trust Hub

start-new-app

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill clones a repository from https://github.com/queso/context-kit.git. This repository and organization (queso) are not on the trusted sources list, posing a risk of untrusted code execution during project setup.
  • [PROMPT_INJECTION] (LOW): The skill implements an Indirect Prompt Injection surface by fetching a README from an external source and prioritizing it over local instructions.
  • Ingestion points: https://github.com/queso/context-kit/blob/main/README.md referenced in Step 2.
  • Boundary markers: None; the skill explicitly states the remote README should "take precedence."
  • Capability inventory: git clone, rm -rf, git init, mkdir, and file writing operations.
  • Sanitization: None; the agent is told to follow the fetched instructions as the "source of truth."
  • [COMMAND_EXECUTION] (LOW): The skill executes multiple shell commands including git clone, rm -rf .git, and git init. While typical for scaffolding, executing these commands in a directory specified by user input or influenced by external instructions (Step 2) carries inherent risk if the environment is not restricted.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:42 PM