project-scaffolding
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection and command injection because it interpolates user-provided project names into shell command strings.
  - Ingestion points: Project names and directory paths provided by the user (interpolated into 'YourProjectName').
  - Boundary markers: None are present to distinguish user input from the shell command context.
  - Capability inventory: The skill executes 'cp', 'rm', 'mkdir', 'git', and multiple package manager commands.
  - Sanitization: No sanitization or escaping is performed on user inputs before they are executed in a shell.
- COMMAND_EXECUTION (MEDIUM): The skill provides instructions for elevating privileges on a script not included in the skill definition.
  - Evidence: The 'Common Issues' section suggests 'chmod +x setup_new_project.sh', which allows execution of an external script whose source and integrity are unverified.
- EXTERNAL_DOWNLOADS (LOW): The skill downloads and installs various third-party packages from public registries.
  - Evidence: Instructions use 'uv add', 'pnpm add', and 'go mod init' to fetch dependencies like 'fastapi', 'express', and 'dotenv'. While these are common libraries, the lack of version pinning or source verification is a minor security risk.
Recommendations
- AI detected serious security threats
Audit Metadata