init
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from the repository (e.g., README.md, package.json, existing CLAUDE.md) to generate agent instructions.
- Ingestion points: Reads project manifests, documentation, and existing context files across the codebase in Step 2 to synthesize project information.
- Boundary markers: No specific delimiters or "ignore previous instructions" headers are used when interpolating discovered content into the drafting phase.
- Capability inventory: The skill can write files (AGENTS.md, CLAUDE.md, .maestro/context/*.md) which are subsequently interpreted as authoritative guidance by AI agents during future sessions.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the text extracted from the codebase before it is used to generate the final context files.
- [COMMAND_EXECUTION]: The skill performs file system operations, including directory creation and conditional file deletion.
- Evidence: Executes `mkdir -p .maestro/context` to initialize the context directory.
- Evidence: The `--reset` functionality deletes files in `.maestro/context/` based on a snake_case naming heuristic. This pattern-based deletion could lead to the unintended removal of user-created files that happen to follow the same naming convention within that specific directory.
Audit Metadata