scaffold-worker
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to read from an absolute local path:
/Users/happypeet/Documents/Github/cc-switch/. This constitutes unauthorized file access/exposure as it targets directories outside the current working directory. - [COMMAND_EXECUTION]: The skill executes multiple commands that fetch and run external code, including
pnpm create tauri-appandpnpm install. While expected for scaffolding, these commands run arbitrary external scripts at runtime. - [INDIRECT_PROMPT_INJECTION]: The work procedure relies on reading external data from the
cc-switchproject to determine configuration steps. - Ingestion points: Files located at
/Users/happypeet/Documents/Github/cc-switch/(referenced in SKILL.md). - Boundary markers: Absent. There are no instructions to ignore malicious content within those files.
- Capability inventory: The skill has broad capabilities including file writing, network package installation (pnpm), and shell command execution (
pnpm tauri dev,cargo check) across the SKILL.md file. - Sanitization: Absent. Data read from the external project is used directly to configure the new project.
Audit Metadata