maestro-setup
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's primary functions—creating directories, generating markdown templates, and managing project state—are handled through well-defined steps that follow expected developer workflow patterns. All actions are localized to the project's workspace.
- [COMMAND_EXECUTION]: The skill uses local system commands including mkdir, rm, and git to manage the .maestro directory and commit setup changes. It also optionally interacts with the br (Beads) CLI tool for workspace initialization if it is already present on the user's system.
- [PROMPT_INJECTION]: The skill automates project analysis by reading local codebase files (e.g., README, manifests) to pre-fill interview answers. This behavior occurs after seeking user permission and is constrained to generating documentation, posing a low risk of indirect instruction obedience.
- [DATA_EXFILTRATION]: No network operations or unauthorized data transmission behaviors were found; all operations are restricted to the local filesystem and the project's git repository.
Audit Metadata