atlan-app-scaffold-standard
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
atlanCLI commands, such asatlan app init -o <app_path>, using variables resolved directly from user requests. In the absence of explicit instructions to sanitize or validate these inputs, this represents a potential vector for command injection if a user provides a maliciously crafted application name or path. - [EXTERNAL_DOWNLOADS]: The skill includes logic to install the
atlanCLI if it is missing, specifying the use of Homebrew or pre-built binaries. These resources are associated with the vendor 'atlanhq' and represent standard environment preparation for the skill's intended functionality. - [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface through its 'progressive discovery' workflow.
- Ingestion points: The agent reads existing repository files, including
main.py,workflow.py, andpyproject.toml, to inform its implementation strategy. - Boundary markers: The skill does not provide the agent with specific delimiters or instructions to ignore or isolate potential instructions embedded within the files it processes.
- Capability inventory: The skill possesses the capability to execute CLI commands, write files to the system, and trigger external installation workflows.
- Sanitization: No logic is provided to sanitize or validate the content extracted from repository files before it is used to influence the agent's implementation logic.
Audit Metadata