Skills
skills/jubscodes/get-shit-pretty/gsp-scaffold/Gen Agent Trust Hub

gsp-scaffold

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes system commands for environment setup and build verification.
  • Evidence: Uses Bash to run rm -rf, npx next build, and npm run build as part of the scaffolding process.
  • [EXTERNAL_DOWNLOADS]: Retrieves components and packages from official registries and established developer tools.
  • Evidence: Fetches resources via npm install and initialization tools for Next.js, shadcn/ui, and React Native Reusables.
  • [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection where external data influences tool execution.
  • Ingestion points: Reads project-specific manifests from install-manifest.md and configuration from config.json (SKILL.md).
  • Boundary markers: Absent; content from manifest files is directly used to construct and execute shell commands.
  • Capability inventory: Full Bash tool access, package manager execution, and file system modification capabilities.
  • Sanitization: Absent; the skill executes component additions and dependency installs without verifying the legitimacy or safety of the entries provided in the manifest files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 04:01 AM