setup-ai
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform project setup tasks such as creating symlinks, managing directories, and initializing the Beads CLI (bd init). These operations are restricted to relevant project paths and are governed by strict safety protocols to prevent data loss.\n- [EXTERNAL_DOWNLOADS]: It installs the '@beads/bd' package via the npm registry. This package is an integral vendor-provided resource for the skill's task tracking functionality and is only installed if it is missing from the system.\n- [PROMPT_INJECTION]: The skill contains internal directives using strong imperative language (e.g., 'MANDATORY', 'NEVER') to define operational boundaries. These constraints are designed to ensure the agent follows safety procedures like file backups and does not constitute a malicious attempt to override core agent guidelines.
Audit Metadata