Skills
skills/songlairui/foyer-mono/init-project/Gen Agent Trust Hub

init-project

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill primarily operates by executing shell commands via a custom CLI tool named foyer. While intended for project management, this interface requires the agent to construct and run shell strings.
  • [COMMAND_EXECUTION]: There is a potential risk of shell command injection if user-supplied parameters, such as the project slug or description, are not properly sanitized before being passed to the CLI commands.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from two main sources: direct user input for project details and external content retrieved via foyer search or foyer activity context.
  • Ingestion points: foyer search and foyer activity context (referenced in SKILL.md).
  • Boundary markers: None explicitly defined to separate retrieved content from system instructions.
  • Capability inventory: File system modification, Git initialization, and GitHub repository creation (via foyer project init).
  • Sanitization: No explicit sanitization or validation of the retrieved text is mentioned before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 04:38 PM