agent-repo-init

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/init_project.py invokes the git init command to initialize a new repository.
      • Evidence: Uses subprocess.run(["git", "init"], ...) which is a safe implementation using an argument list rather than a shell string.
      • Context: The command is standard for project scaffolding and is restricted to the newly created project directory.
  • [SAFE]: The skill implements defensive programming patterns to ensure safe execution:
      • Input Validation: The project_name argument is validated against a strict regular expression ([A-Za-z0-9._-]+) before being used in path operations or file content, preventing shell injection or path traversal via the project name.
      • Path Safety: The _is_within function checks that the destination is not inside the source template to prevent infinite recursive copies.
      • Credential Management: While the script modifies .env files, it only sets configuration placeholders (e.g., model names, base URLs) and does not hardcode or exfiltrate sensitive keys.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 11:59 PM