agent-init-deep
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions designed to bypass AI safety filters, jailbreak the agent, or extract system prompts. Its triggers and instructions are strictly task-oriented.
- Data Exposure & Exfiltration (SAFE): While the skill reads and writes local repository files (`CLAUDE.md` and `docs/agents/*.md`), it does not access sensitive directories (e.g., .ssh, .aws) or credentials. There are no network-capable functions (curl, wget) used to exfiltrate data.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external packages or remote scripts are downloaded or executed. The skill does not use package managers or dynamic code execution functions like eval() or exec().
- Indirect Prompt Injection (SAFE): The skill processes existing `CLAUDE.md` files during the migration path. This constitutes a data ingestion surface, but the risk is negligible as the skill's actions are limited to generating and organizing markdown text without executing code or calling external APIs.
  - Ingestion points: existing `CLAUDE.md` files during migration.
  - Boundary markers: None explicitly defined, but usage is limited to text classification.
  - Capability inventory: Markdown file reading and writing only.
  - Sanitization: Not explicitly required for this documentation-focused use case.
Audit Metadata