trpc-scaffolder

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The Bash scripts create-router.sh, create-schema.sh, and add-procedure.sh build output file paths directly from unsanitized user-supplied arguments. This is a path traversal risk: an argument containing ../ could cause files to be created or overwritten outside the intended project directories.
  • [COMMAND_EXECUTION]: Template substitution in the scripts uses sed with a forward-slash delimiter and does not escape the input. If a user-provided name (such as a router or procedure name) contains a forward slash, the s command becomes malformed and sed fails or produces broken generated code; a & or backslash in the name is likewise interpreted by sed rather than copied literally.
  • [COMMAND_EXECUTION]: The validate-trpc.sh script recursively lists directories and greps file contents on the local filesystem. It runs over the project source tree without sanitizing what it finds, so maliciously crafted filenames in that tree could cause unintended behaviour. Note that exploiting this requires the ability to place files in the project directory first.
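The first two findings share one root cause: a user-supplied name reaches a file path and a sed replacement without validation. The script below is an added example of how a scaffolder can close both gaps; it is not code from trpc-scaffolder, and the router directory (ROUTER_DIR), the __NAME__ placeholder and the template line are assumptions made for the illustration. It allowlists the name, double-checks the resulting path for traversal components, and performs the substitution with POSIX parameter expansion so the replacement is always literal, whatever characters it contains.

```shell
#!/bin/sh
# Added hardening example (not part of trpc-scaffolder).
# Hypothetical layout: generated routers are written under ROUTER_DIR.
set -eu

ROUTER_DIR="src/server/routers"   # assumed for the example

# The unsafe pattern the audit describes, for contrast (do not use):
#   sed "s/__NAME__/$name/" router.tpl > "$ROUTER_DIR/$name.ts"
# A name of "../../etc/cron.d/x" escapes ROUTER_DIR, and a name containing
# "/" or "&" breaks or rewrites the sed command.

# Accept only identifier-like names: letters, digits and underscore,
# starting with a letter. This rejects "../", "/", whitespace and every
# sed metacharacter before the value is used anywhere.
is_valid_name() {
  case "$1" in
    "")                return 1 ;;   # empty
    *[!A-Za-z0-9_]*)   return 1 ;;   # any character outside the allowlist
    [0-9_]*)           return 1 ;;   # must start with a letter
  esac
  return 0
}

# Build the output path for a router and print it. Even though the
# allowlist already excludes "..", the path is re-checked for a traversal
# component as defence in depth (this also catches a bad ROUTER_DIR).
router_path() {
  local name="$1" out
  is_valid_name "$name" || return 1
  out="${ROUTER_DIR}/${name}.ts"
  case "/$out/" in
    */../*) return 1 ;;
  esac
  printf '%s\n' "$out"
}

# Replace every __NAME__ in a template with the name, literally. Using
# prefix/suffix parameter expansion instead of sed means "/", "&" and "\"
# in the replacement can neither break the command nor inject text.
render_template() {
  local tpl="$1" name="$2" out=""
  is_valid_name "$name" || return 1
  while :; do
    case "$tpl" in
      *__NAME__*)
        out="$out${tpl%%__NAME__*}$name"   # text before the placeholder
        tpl=${tpl#*__NAME__}               # continue after the placeholder
        ;;
      *)
        out="$out$tpl"
        break
        ;;
    esac
  done
  printf '%s' "$out"
}

# Constructed template standing in for the scaffolder's router template.
TEMPLATE='export const __NAME__Router = router({});'

# Typical use inside a create-router step:
#   path=$(router_path "$1") || { echo "invalid router name" >&2; exit 1; }
#   render_template "$TEMPLATE" "$1" > "$path"
```

Because the validation runs before either the path or the template sees the value, a rejected name never touches the filesystem; the traversal re-check in router_path only matters if the allowlist is later relaxed.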
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 05:26 PM