skills/tartinerlabs/skills/setup/Gen Agent Trust Hub

setup

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using the detected package manager (npm, yarn, pnpm, or bun) to install development dependencies. It also invokes system-level commands like 'brew install gitleaks' and 'npx' for initialization and migration tasks.
  • [EXTERNAL_DOWNLOADS]: The skill initiates downloads of various third-party packages from the npm registry and system tools via Homebrew. While these are well-known development tools, the skill dynamically executes these installations based on project detection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it explicitly instructs the agent to analyze untrusted data (existing documentation, commit messages, and code comments) to determine language variants and spelling conventions.
    • Ingestion points: Local project files, including documentation and git history (commit messages).
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the logic that analyzes project style.
    • Capability inventory: The agent has the capability to write files (biome.json, tsconfig.json, etc.) and execute shell commands (npm install, npx).
    • Sanitization: There is no evidence of sanitization or validation performed on the inferred language styles or project data before they are used to generate configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 03:30 AM