project_bootstrapper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes the
Bashtool to perform operations like initializing Git repositories and package managers. This capability allows for the execution of arbitrary commands on the host system if the input or project configuration is manipulated. - [EXTERNAL_DOWNLOADS] (MEDIUM): The workflow promotes the use of various external package managers and tools (uv, pnpm, bun, Ruff, etc.). While these are standard industry tools, the skill's automated nature in installing dependencies from remote registries (NPM, PyPI) introduces risks common to supply chain attacks or untrusted package installation.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Reads existing project structures and file content using
ReadandGlobtools. - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions in analyzed files are present.
- Capability inventory: Includes
Bashexecution,Writeaccess for configuration files, andEditaccess for existing code. - Sanitization: There is no evidence of sanitizing content read from the project before using it to inform logic or command execution.
- [PERSISTENCE MECHANISMS] (MEDIUM): The skill explicitly sets up Git hooks (pre-commit, commit-msg) and CI/CD workflows (GitHub Actions). While these are features for project management, they are technically persistence mechanisms that could be abused to execute code on future commits or in CI environments.
Recommendations
- AI detected serious security threats
Audit Metadata