scaffold-exercises

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for directory creation and version control management.
      • Specifically, it uses mkdir -p for path setup and git commit or git mv for managing the repository state.
      • It invokes a local utility via pnpm ai-hero-cli internal lint to validate the generated structure, representing execution of a project-local CLI tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted input to drive its workflow.
      • Ingestion points: The agent is directed to "Parse the plan" to extract names for sections and exercises from an external source.
      • Boundary markers: No delimiters or safety instructions are provided to prevent the agent from following instructions that might be embedded within the plan text.
      • Capability inventory: Across SKILL.md, the agent is granted the ability to write to the filesystem (readme.md), create directories, and run shell commands (git, pnpm).
      • Sanitization: The skill does not define any validation or sanitization of the content extracted from the plan before it is used in directory paths or file content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 11:16 PM