setup-project
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installation commands for various well-known services including Bun, Vercel, and Cloudflare. It specifically references an installation script from bun.sh that is piped to bash. As these are established technology providers, this is documented as standard developer setup functionality.
- [COMMAND_EXECUTION]: The skill uses bash commands like which and ls to discover the local environment and project structure. These operations are limited to discovery and do not involve unauthorized access or modification.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. [Ingestion points]: It reads package.json and CLAUDE.md files from the project directory. [Boundary markers]: No explicit delimiters or instructions to ignore embedded commands are present during file reading. [Capability inventory]: The agent has access to Write and Edit tools, allowing it to modify project files based on parsed data. [Sanitization]: No input sanitization is performed on the contents of the scripts parsed from package.json before they are used to generate new configurations.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata