python-development-python-scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and instructs the agent to run standard development commands for project initialization, including 'uv init', 'git init', 'uv venv', and 'django-admin'.\n- [SAFE]: Secret management best practices are followed by providing '.env.example' templates with non-sensitive placeholders instead of hardcoded production credentials.\n- [SAFE]: All identified dependencies (e.g., FastAPI, Django, Pydantic, SQLAlchemy) are well-known and trusted packages from the official Python Package Index (PyPI).\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it generates code based on user-provided input.\n
- Ingestion points: User requirements are processed via the $ARGUMENTS variable in SKILL.md.\n
- Boundary markers: No delimiters or explicit boundary markers are present to separate instructions from user-provided data.\n
- Capability inventory: The skill can generate source code, build configuration files (pyproject.toml), Makefiles, and shell scripts.\n
- Sanitization: No explicit validation or sanitization of the $ARGUMENTS input is performed before it is used for code generation.
Audit Metadata