greenfield
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices and serves its stated purpose of project initialization. Key safety features include:
- [COMMAND_EXECUTION]: Shell commands are used for stack detection and project configuration. These are localized to the user's project directory and follow predictable patterns based on detected frameworks.
- [EXTERNAL_DOWNLOADS]: The skill identifies missing security tools (gitleaks, semgrep, trivy) and provides links to their official documentation/installation guides. These are trusted services and well-known security tools.
- [PROMPT_INJECTION]: No behavioral overrides or safety bypasses were detected in the instructions.
- [DATA_EXFILTRATION]: No instances of unauthorized data access or external transmission were found. Configuration is saved locally in .claude/skill-config.json.
- [REMOTE_CODE_EXECUTION]: No remote code is downloaded or executed. All logic resides within the skill's distributed scripts.
- [DYNAMIC_EXECUTION]: The skill generates hook scripts (guard.sh, stop-quality-gate.sh) in the user's project. These hooks are designed to improve security by blocking destructive commands and secret exposure during the development lifecycle.
Audit Metadata