skylar-start-here
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to initialize git submodules, install project dependencies, and manage local development servers such as Storybook and the main application dev server. It also includes capabilities to identify and terminate processes occupying specific network ports.- [EXTERNAL_DOWNLOADS]: Performs network operations to fetch code and dependencies using standard tools including
git submodule updateandpnpm install. These operations target well-known development registries and repositories.- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by instructing the agent to monitor terminal error messages and automatically modify source code files to resolve build or TypeScript errors. - Ingestion points: Terminal output, error logs, and codebase source files.
- Boundary markers: None identified.
- Capability inventory: Shell command execution (pnpm, git, kill) and file system write access for source code modification.
- Sanitization: No sanitization or validation of external error messages or suggested code fixes is described.
Audit Metadata