scaffold-connector
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill introduces an indirect prompt injection surface during Phase 3 (Research). The agent is instructed to use web search and fetch tools to gather technical information from external documentation which is then used to generate code and documentation. This could allow malicious content in external sources to influence the agent's logic.
  - Ingestion points: Web research results from API/SDK documentation sites gathered via WebSearch and WebFetch tools.
  - Boundary markers: Absent; there are no specific instructions to delimit or treat the external data as untrusted.
  - Capability inventory: The skill utilizes shell execution (Bash), file system writes (Write, Edit), and sub-agent dispatch (Agent) across all scripts.
  - Sanitization: Absent; the skill does not specify any validation or sanitization for content retrieved from external sources before it is processed.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch research data and download development dependencies. These operations target trusted sources such as GitHub and official documentation domains for technology services (e.g., ClickHouse, Apache, Prefect). It also uses standard package registries (PyPI, NPM, Maven) to install build tools and libraries.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard development commands, including environment management (venv), package installation (pip, yarn), code generation (make, mvn), and testing (pytest). These commands are executed locally and are consistent with the skill's purpose as a scaffolding tool.
Audit Metadata