full-stack-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data that could influence the agent's context through its output.\n
- Ingestion points: The scripts
scripts/scaffold_app.pyandscripts/scaffold_app.jsaccept theproject_typeas a command-line argument from the user.\n - Boundary markers: Absent. The scripts do not use any delimiters to separate user input from system-generated logs.\n
- Capability inventory: All scripts in the current version are limited to
printandconsole.logoperations. There are no file system modifications, network requests, or subprocess executions implemented in the provided snippets.\n - Sanitization: No validation or escaping is performed on the
project_typeinput before it is printed to the terminal, where an agent might read and interpret it.\n- [Remote Code Execution] (SAFE): The execution protocol references local scripts within the skill directory. No patterns for downloading and executing remote code (e.g., pipingcurltobash) were identified.\n- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, access to sensitive file paths (like~/.ssh), or outbound network connections were detected.\n- [Privilege Escalation] (SAFE): No use ofsudo,chmod, or other privilege-altering commands were found in the scaffolding instructions or scripts.
Audit Metadata