solo-scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands for file system operations, git initialization, and GitHub repository management via the gh CLI. It also runs package manager installation and build commands (pnpm install, uv sync) during the verification phase.
- [EXTERNAL_DOWNLOADS]: Fetches dependencies from official registries using well-known package managers (pnpm, uv) to verify the scaffolded project.
- [DATA_EXFILTRATION]: Stores organizational metadata such as bundle ID prefixes and GitHub organization names in a local configuration file (~/.solo-factory/defaults.yaml) and pushes source code to user-specified GitHub repositories.
- [PROMPT_INJECTION]: Ingests content from local PRD files and existing source code which could contain instructions that influence the code generation process. 1. Ingestion points: docs/prd.md and existing project files accessed via SoloGraph MCP. 2. Boundary markers: None specified in the instructions. 3. Capability inventory: Bash, Write, and Edit tools across all generated files. 4. Sanitization: No explicit sanitization of ingested content before interpolation.
Audit Metadata