project-setup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The file reference/python.md contains the command curl -LsSf https://astral.sh/uv/install.sh | sh. This pattern downloads and executes arbitrary code directly from a remote source, which is a high-risk vector for system compromise.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its fallback workflow.
      ◦ Ingestion points: SKILL.md instructs the agent to perform a web search for unknown languages.
      ◦ Boundary markers: None present; the agent is not warned to ignore instructions embedded in search results.
      ◦ Capability inventory: Across reference/python.md and reference/typescript.md, the skill performs file writes, executes shell commands, and installs packages.
      ◦ Sanitization: None present; data from the web search is interpolated directly into the setup workflow.
  • EXTERNAL_DOWNLOADS (SAFE): The skill references standard development dependencies from PyPI and npm registries (e.g., ruff, pytest, vitest, eslint) which are considered acceptable for the intended purpose of project bootstrapping.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:00 PM