project-init
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses benign shell commands (rm, mkdir) to manage a temporary workspace in /tmp/crucible-project-init/ for storing intermediate data files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted content from the codebase to generate architectural maps and configuration proposals. Ingestion points: Source files, READMEs, and manifest files (e.g., package.json, go.mod) are read from the current and neighboring repositories as described in SKILL.md and subagent prompts. Boundary markers: No specific boundary markers are used to isolate ingested content from instructions. Capability inventory: The skill can write to the local filesystem (memory/ and CLAUDE.md) and dispatch subagents. Sanitization: No sanitization or validation of ingested content is performed before synthesis.
- [SAFE]: The overall behavior of the skill is consistent with its stated purpose of codebase mapping, and it requires explicit user approval before performing cross-repository discovery.
Audit Metadata