init-project
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file executes a bash script using the $ARGUMENTS placeholder without double quotes. This allows for command injection if a user provides arguments containing shell metacharacters such as semicolons, pipes, or backticks.
- [PROMPT_INJECTION]: The scaffold.sh script parses workspace members from Cargo.toml and interpolates them directly into generated markdown files like coverage-status.md. This represents an indirect prompt injection surface where a malicious project file can inject instructions or deceptive content into the agent's knowledge base.
- [SAFE]: The skill's directory creation and template deployment are consistent with its stated purpose of project scaffolding.