Skills
skills/itshalffull/concept-oriented-programming-framework/sync-scaffold-gen/Gen Agent Trust Hub

sync-scaffold-gen

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes npx tsx to execute local TypeScript files for rule scaffolding and npx vitest for running test suites.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface (Category 8).
  • Ingestion points: User-provided strings for sync names, triggers, and conditions within the SKILL.md generation process.
  • Boundary markers: No specific boundary markers are present to isolate user-provided strings within the generated .sync files.
  • Capability inventory: The skill possesses Write access to create files and Bash execution privileges to run CLI tools.
  • Sanitization: There is no evidence of sanitization or validation of user inputs before they are interpolated into the file scaffolds.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 04:48 PM