project-scaffolding
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a significant attack surface for indirect prompt injection and potential command injection by ingesting untrusted user input to drive CLI operations.
- Ingestion points: User-provided inputs for 'Project name', 'Location/directory', 'Description', and 'Author name' in Step 2.
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within user-provided metadata.
- Capability inventory: Extensive use of shell commands including mkdir, cd, touch, and various framework CLIs (npx, npm, cargo, go, flutter, spring).
- Sanitization: No explicit sanitization or validation logic is mentioned for user-supplied strings before they are interpolated into commands or file content.
- Command Execution (SAFE): The skill executes various CLI commands to scaffold projects. While command execution is inherently risky, these actions are essential to the primary purpose of the skill and utilize standard, well-known ecosystem tools (e.g., npx create-next-app, cargo new).
Audit Metadata