grey-haven-project-scaffolding
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The templates `cloudflare-worker-template.sh`, `python-api-template.sh`, and `react-component-template.sh` accept user-controlled input (Project Name) as a positional argument. This variable is used directly in shell commands.
  - Evidence: In `templates/cloudflare-worker-template.sh`, the variable `$PROJECT_NAME` is used in `sed -i '' "s/PROJECT_NAME/$PROJECT_NAME/g" package.json`. A malicious name containing shell metacharacters could lead to unintended command execution if the agent runs these scripts in a shell environment.
- INDIRECT_PROMPT_INJECTION (LOW): The skill demonstrates a vulnerability surface where untrusted user input (the project name) is interpolated into scripts executed by the Bash tool.
  - Ingestion points: Positional arguments in `templates/cloudflare-worker-template.sh`, `templates/python-api-template.sh`, and `templates/react-component-template.sh`.
  - Boundary markers: Absent. No validation or sanitization of the `$1` argument is performed before use in shell operations.
  - Capability inventory: `Bash`, `Write`, `Read` tools; scripts use `mkdir`, `cat`, and `sed`.
  - Sanitization: Absent. There is no escaping or validation logic for the input variable.
- EXTERNAL_DOWNLOADS (SAFE): The scaffolded projects include standard dependencies from npm and PyPI. While these involve external network operations during setup, they are consistent with the primary purpose of a project generator and use well-known packages.
Audit Metadata