agentsmd-scaffold
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured workflow for generating repository-specific instruction files (AGENTS.md) based on existing evidence within a codebase.
- [COMMAND_EXECUTION]: The skill includes a local Python script "scripts/scan_repo_context.py" used to automate repository discovery.
- Analysis of the script confirms it is a read-only tool using standard Python libraries (os, pathlib, json, re).
- The script performs file system traversal and basic file inspection (e.g., counting lines, identifying manifest files) without performing any network requests or modifying the file system.
- [SAFE]: The skill includes an assessment for potential indirect prompt injection. While the scanner script ingests data (file names and manifest contents) from the target repository, the risk is minimal as the output is used for planning and scaffolding under the agent's logic, and the skill does not possess high-risk capabilities like arbitrary remote code execution or network exfiltration.
Audit Metadata