scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill analyzes local codebase files to identify structural patterns and conventions. This is an intended function for code generation and is restricted to reading local files for context, with no network exfiltration or unauthorized access patterns found.
- [INDIRECT_PROMPT_INJECTION]: The skill uses existing code implementations as templates, which constitutes a potential surface for indirect prompt injection if those files contain malicious instructions. However, the risk is negligible as the skill focuses on structural pattern matching for boilerplate generation.
  - Ingestion points: Local codebase files identified during the example-finding step (SKILL.md).
  - Boundary markers: Absent; the instructions do not explicitly warn the agent to ignore instructions embedded within the analyzed code samples.
  - Capability inventory: Filesystem write operations are used to create new API endpoints, UI components, and backend modules.
  - Sanitization: Absent; the agent replicates patterns found in the source files directly.