adk-scaffold
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an installation script from astral.sh for the uv package manager. This source is a well-known service for Python environment management tools.
- [REMOTE_CODE_EXECUTION]: The skill includes a troubleshooting command that pipes a remote script from astral.sh into a shell. This is a standard installation pattern for the uv utility and originates from a reputable source.
- [COMMAND_EXECUTION]: The skill orchestrates project setup by executing the agent-starter-pack CLI via uvx. These commands involve file creation and configuration based on user input.
- Evidence: Commands like uvx agent-starter-pack create are used to initialize repositories.
- Mitigation: The skill explicitly enforces a strict character set (lowercase, numbers, hyphens) and length limit for the project name parameter, which reduces shell injection risks.
- [PROMPT_INJECTION]: The skill ingests untrusted user input during the requirement gathering phase to generate project specifications and configure scaffolding flags.
- Ingestion points: User answers to questions regarding agent purpose, tools, and constraints are collected in Step 1.
- Boundary markers: No explicit delimiters are specified for the interpolation of user responses into the generated DESIGN_SPEC.md file.
- Capability inventory: The skill performs subprocess execution using uvx and pip and handles project file generation.
- Sanitization: Input for the project name is validated against a specific character set and length restriction.
Audit Metadata