scaffold
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations including creating new files and modifying existing registration points (barrel exports, route configs). It also executes a verification command (typecheck) as part of its workflow.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted code from the project.
  - Ingestion points: Source files identified by search patterns (e.g., SKILL.md: **/*.tsx, /services/).
  - Boundary markers: Absent; the skill parses file content directly.
  - Capability inventory: File writing, file modification, and command execution (typecheck).
  - Sanitization: Absent; it copies structural patterns without sanitizing embedded text.
- [SAFE]: No critical vulnerabilities such as credential theft or unauthorized network communication were found. Its behavior matches its stated purpose of project scaffolding.
Audit Metadata