scaffold
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces security-conscious configurations, specifically multi-stage Docker builds with non-root users and the implementation of dependency vulnerability scanning.
- [SAFE]: No hardcoded secrets, sensitive file path exposure, or unauthorized network operations were detected.
- [PROMPT_INJECTION]: The skill ingests untrusted data from implementation plans and architecture reports (Ingestion Point) without explicit boundary markers. It has the capability to write various infrastructure and configuration files (Capability). This surface is mitigated by instructions requiring skeptical thinking, confidence thresholds, and mandatory user confirmation via AskUserQuestion (Sanitization/Verification).
- [SAFE]: The instructions steer the agent toward technical excellence and architectural consistency without bypass patterns or safety guideline overrides.
Audit Metadata