matt-scaffold-exercises

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill performs standard development tasks such as directory creation, file stubbing, and linting within a local environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes a 'plan' to generate directory names. This represents an attack surface where maliciously crafted plan content could attempt to influence the created structure.
  • Ingestion points: Workflow step 1 parses a plan to extract names (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: File system creation (mkdir), file moving (git mv), and execution of a local CLI tool (pnpm).
  • Sanitization: None explicitly defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 05:43 AM
Security Audit — agent-trust-hub — matt-scaffold-exercises