scaffold-exercises
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses system commands including
mkdir -pfor directory creation andgit mvorgit commitfor version control management. These are standard operations for a scaffolding tool. - [COMMAND_EXECUTION]: The skill executes
pnpm ai-hero-cli internal lintto validate the created directory structure. This is a routine development task using a local command-line interface. - [PROMPT_INJECTION]: The skill processes a user-provided 'plan' to determine directory names and file contents. While this creates a surface where malformed input could attempt path traversal, the instructions explicitly enforce strict naming conventions (lowercase, dash-case, and numeric prefixes), which serve as a functional constraint on the input's impact.
Audit Metadata