bootstrap

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a bundled Python script (bootstrap.py) to manage project settings. This script also utilizes dynamic module loading via importlib to resolve the repository root and load utility functions from a sibling directory path.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and merges existing repository configuration files (.skills/*.json). Evidence:
      1. Ingestion points: .skills/planning.json, .skills/execution.json, and .skills/conventions.json.
      2. Boundary markers: None present.
      3. Capability inventory: File system writes, directory creation, and local script execution.
      4. Sanitization: Uses standard JSON parsing with dictionary type validation and placeholder substitution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 07:38 PM