Skills
skills/itshalffull/concept-oriented-programming-framework/deploy-scaffold-gen/Gen Agent Trust Hub

deploy-scaffold-gen

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute commands like npx tsx and clef. These tools are used to process deployment configurations and validate generated manifests.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to the handling of external data.
  • Ingestion points: Untrusted data enters via the appName, runtimes, and concepts arguments in the SKILL.md process.
  • Boundary markers: Absent. The skill does not provide clear delimiters or instructions to the agent to ignore instructions embedded within the user-provided data.
  • Capability inventory: The skill has access to Bash (for CLI execution) and Write (for manifest creation) capabilities.
  • Sanitization: Absent. There is no evidence of input validation, filtering, or escaping before the user data is interpolated into high-privilege tool calls.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 04:47 PM