bootstrap
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes terminal commands via `run_terminal_cmd` to gather system diagnostics (e.g., `uname`, `whoami`, `hostname`, `git status`) and to initialize the workspace (e.g., `mkdir`, `cp`, `mv`). These operations are constrained to environment discovery and local file management.
- [PROMPT_INJECTION]: The skill manages the generation of `.cursor/rules/` files, which contain 'Ambient Skills' designed to shape the agent's persona and safety boundaries (e.g., `no-ai-slop`, `no-ai-hedging`). These function as persistent system prompt instructions for the specific workspace environment.
- [DATA_EXFILTRATION]: The skill implements `PROBE` and `DEEP-PROBE` methods that collect local environment metadata, such as workspace paths and git remote URLs. This data is written to a local file (`.moollm/bootstrap-probe.yml`) which is configured to be gitignored. No evidence of network exfiltration was found.
- [SAFE]: All external references and templates are sourced from local paths within the skill's own directory structure rather than remote URLs. The diagnostic activities are transparent and the skill includes documentation for auditing its own behavior.
Audit Metadata