Skills
skills/r-sri-ram/buildmvpfast-project-docs/analyze-project/Gen Agent Trust Hub

analyze-project

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to execute tree and find commands. These are used strictly for project structure discovery and do not involve piped remote execution or administrative privileges.
  • [DATA_EXPOSURE] (SAFE): The skill reads project configuration files such as package.json, requirements.txt, and database schemas. While these files contain metadata about the project, the skill does not attempt to access sensitive user-level credentials (e.g., ~/.ssh or ~/.aws) or exfiltrate data over the network. The analysis is confined to the local project context.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process untrusted data from the codebase (source code, comments, and configuration files).
  • Ingestion points: Files like package.json, schema.prisma, and source files are read via Read, Grep, and Glob tools.
  • Boundary markers: The instructions do not specify explicit boundary markers or delimiters when presenting analyzed code to the LLM.
  • Capability inventory: The skill has access to Read, Bash, and Grep but lacks network access.
  • Sanitization: There is no explicit sanitization of the content read from the codebase. However, as this is the primary purpose of the skill, the risk is considered low and inherent to the task.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:35 PM