The Agent Skills Directory

[SAFE]: The skill does not contain any detected malicious patterns such as credential theft, persistence mechanisms, or obfuscation. Its behavior is consistent with its stated purpose of assisting in code generation.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool to run commands like npx tsx and npx vitest for scaffolding, validation, and testing. This use of local execution is standard for project generation tools.
[EXTERNAL_DOWNLOADS]: The skill employs npx, which may download or execute packages from the npm registry, a well-known and trusted service in the technology industry.
[PROMPT_INJECTION]: The skill presents an indirect injection surface as it processes external inputs like suite names and concept lists to generate files and run commands. This is a common architectural pattern for generation tools and no exploitation logic was found.
Ingestion points: SKILL.md arguments $0 (name), $1 (description), and $2 (concepts).
Boundary markers: None identified in the prompt templates.
Capability inventory: Includes Bash for command-line interactions and Write for file system modifications across all generation steps.
Sanitization: No explicit input sanitization or validation logic is defined in the skill instructions.

suite-scaffold-gen