scout-create-scaffold

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses node scripts/scout.js and node scripts/type_check to perform its primary function of scaffolding and validating test environments. This involves executing local scripts with arguments provided by the user, which is a standard development workflow within the repository.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates user-supplied data, such as the <moduleRoot> path, directly into command line arguments.
      • Ingestion points: File paths and configuration options provided by the user during the interaction.
      • Boundary markers: None identified. The instructions do not define delimiters or validation steps for the input data before it is used in a shell command.
      • Capability inventory: The skill is designed to execute shell commands and modify the local file system through the provided scripts.
      • Sanitization: None identified. The skill does not specify any sanitization or escaping of the user-provided inputs within the markdown instructions.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 11, 2026, 02:19 PM