matt-scaffold-exercises
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill performs standard development tasks such as directory creation, file stubbing, and linting within a local environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes a 'plan' to generate directory names. This represents an attack surface where maliciously crafted plan content could attempt to influence the created structure.
- Ingestion points: Workflow step 1 parses a plan to extract names (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: File system creation (mkdir), file moving (git mv), and execution of a local CLI tool (pnpm).
- Sanitization: None explicitly defined in the instructions.
Audit Metadata