environment-bootstrap

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill accesses and manipulates .env files, which are listed as sensitive file paths. It explicitly references reading/writing keys like DATABASE_URL, JWT_SECRET, and API_KEY. Although used for setup, this provides a surface for sensitive data exposure.
  • [COMMAND_EXECUTION] (LOW): The skill is built around the Bash tool to run init.sh and smoke-test.sh. This is its primary intended function.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Uses pnpm install and pnpm build to fetch and process external code from the npm registry. This represents a dependency risk if the project configuration is compromised.
  • [PRIVILEGE_ESCALATION] (MEDIUM): The instructions include chmod +x on scripts created by the AI agent, granting execution permissions to dynamically generated content.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Mandatory Evidence Chain: 1. Ingestion: Reads package.json, docker-compose.yml, and .env.example. 2. Boundaries: No explicit boundary markers or instructions to ignore embedded commands are provided. 3. Capabilities: Has full Bash and Write access to the filesystem. 4. Sanitization: No evidence of input validation or sanitization for project files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:12 PM