01-scaffold-and-plan

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Antonella Framework template from its public GitHub repository using composer create-project or git clone during the initialization phase.
  • [COMMAND_EXECUTION]: The skill executes several shell commands to configure the new project, including php antonella updateproject, php antonella namespace, and various php antonella make commands for component generation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it accepts arbitrary strings from the user (such as the plugin slug and namespace) and interpolates them directly into shell commands without explicit sanitization.
      • Ingestion points: User-provided responses for the plugin name, slug, and namespace fields (SKILL.md).
      • Boundary markers: None; the agent is instructed to replace placeholders like [plugin-slug] directly with confirmed user input.
      • Capability inventory: Subprocess execution through composer, git, and php (SKILL.md).
      • Sanitization: No sanitization or validation logic is defined to prevent command injection characters from being included in the user-provided strings.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:26 AM