Project Scaffolding
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill configures an automated `PostToolUse` hook in `.claude/settings.json` that executes a bash script (`.claude/scripts/post-edit-check.sh`) whenever the agent performs file edits. This creates a persistent execution loop triggered by common agent actions.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (`cp` and `chmod +x`) to deploy and enable an executable script within the user's project directory.
- [PROMPT_INJECTION]: The skill instructions include an indirect prompt injection surface by consuming untrusted data from the project root (e.g., `README.md`, `package.json`) to populate the `CLAUDE.md` system prompt file.
  - Ingestion points: Files like `README.md`, `package.json`, and the overall project directory structure are read to extract descriptions and metadata.
  - Boundary markers: The skill lacks explicit instructions or delimiters in the generated `CLAUDE.md` to prevent the agent from following instructions that might be embedded in the ingested project data.
  - Capability inventory: The skill has the capability to write to the file system, create directories, modify agent settings, and execute shell scripts via hooks.
  - Sanitization: There is no evidence of sanitization or validation of the content read from project files before it is interpolated into the configuration templates.
Audit Metadata