skills/ruan-cat/monorepo/init-ai-md/Gen Agent Trust Hub

init-ai-md

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill uses the AskUserQuestion tool for all major operations, including memory item selection and synchronization across files. This ensures that the agent cannot modify project files without explicit user oversight and consent.
  • [COMMAND_EXECUTION]: The skill and its associated templates reference standard development commands such as git, pnpm, and @changesets/cli. These tools are used appropriately for common workflows like version control and automated changelog generation.
  • [SAFE]: The skill reads existing project files and other skill definitions to generate a summary table, which constitutes an ingestion surface for indirect prompt injection. This risk is effectively mitigated by the skill's instruction to use interactive confirmation and incremental updates rather than blind execution of processed content.
  • [SAFE]: External links contained within the templates point to trusted documentation sites (e.g., Anthropic's developer documentation) and do not pose a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 01:44 PM