Skills
skills/itshalffull/concept-oriented-programming-framework/handler-scaffold-gen/Gen Agent Trust Hub

handler-scaffold-gen

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run npx, vitest, and vendor-specific clef commands for scaffolding and testing tasks.
  • [PROMPT_INJECTION]: Identification of an indirect prompt injection surface where user-provided arguments are used for code generation.
  • Ingestion points: $ARGUMENTS, $0, and $1 in SKILL.md are used to define concept names and actions.
  • Boundary markers: No specific delimiters or instructions are present to prevent embedded commands in arguments from being interpreted.
  • Capability inventory: The skill uses Read, Write, and Bash tools to manage files and execute commands.
  • Sanitization: No explicit sanitization or validation of the input arguments is observed before interpolation into templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 03:13 PM
Security Audit — agent-trust-hub — handler-scaffold-gen