scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and act upon data from an external implementation plan or architecture report to generate project scaffolding. This pattern creates a surface for indirect prompt injection where instructions embedded in the plan could influence the agent's code generation.
  1. Ingestion points: The workflow reads implementation plans and architecture reports from the project context.
  2. Boundary markers: No specific delimiters are defined to isolate untrusted plan data from the agent's instructions.
  3. Capability inventory: The agent uses TaskCreate for workflow management, AskUserQuestion for user interaction, and performs multiple file-write operations during the scaffolding phase.
  4. Sanitization: Risks are mitigated through the 'Evidence Gate' (requiring file:line proof for claims) and a mandatory requirement to confirm the checklist with the user using AskUserQuestion before generating any code.
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands like grep to scan the codebase for existing abstractions and to perform build/compile checks. These commands are used locally for verification purposes.
- [SAFE]: The skill promotes security best practices by mandating the setup of static analysis, linting, and automated vulnerability scanning for dependencies as part of the initial project scaffolding.