pm-setup
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses standard filesystem commands (ls, mkdir, mv) to manage local context files within the .claude directory. No suspicious or elevated commands were found.
- [PROMPT_INJECTION]: The skill analyzes codebase contents which could contain malicious text. To mitigate this risk, it includes a mandatory human-in-the-loop validation step where users review all findings before they are committed to files. Evidence chain: 1. Ingestion: Codebase manifests and source routes; 2. Boundary: User verification prompt; 3. Capabilities: Local file writes and subagent tasks; 4. Sanitization: Manual review/correction flow.
Audit Metadata