scaffold-repo
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands to initialize projects, including 'ls -la' to check directory status, 'git init' for repository setup, and framework-specific CLI tools like 'create-next-app' and 'cargo init'.
- [EXTERNAL_DOWNLOADS]: The skill utilizes official scaffolding tools and package managers (npm, pnpm, bun, uv, cargo) to download project templates and dependencies from established registries such as NPM and PyPI.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it interpolates user-provided responses from the interview phase directly into shell commands and file content without explicit sanitization logic. \n
- Ingestion points: User input captured during the 7-domain interview protocol (SKILL.md). \n
- Boundary markers: Absent; user strings are directly used in CLI flags and document generation. \n
- Capability inventory: Full shell execution of framework CLIs, file system writes across the workspace, and network operations via package managers (SKILL.md, references/stack-matrix.md). \n
- Sanitization: Absent; the instructions do not include steps to escape or validate user-supplied project names or descriptions before command interpolation.
Audit Metadata