scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides templates for common project initialization commands using standard development tools like npm, uv, go, and cargo.
- [CREDENTIALS_UNSAFE]: Correctly implements secret management patterns by using .env.example files and validation libraries. No hardcoded sensitive data is present; all credentials in templates are non-functional placeholders.
- [EXTERNAL_DOWNLOADS]: References official images and actions from trusted organizations and well-known services (such as Docker Hub, GitHub, and Astral-sh) in its scaffolding templates.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection exists because the skill generates project files based on user-provided specifications.
- Ingestion points: User project requirements and names (SKILL.md)
- Boundary markers: Absent
- Capability inventory: Write, Edit, and Bash tools (SKILL.md)
- Sanitization: Absent
Audit Metadata