scaffold
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it dynamically determines which packages and components to install based on untrusted project data files.\n
- Ingestion points:
{PROJECT_PATH}/brief/install-manifest.mdand{PROJECT_PATH}/config.json.\n - Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded commands within the processed files.\n
- Capability inventory: Utilizes the
Bashtool to performnpm installandnpxexecutions based on instructions found in the external manifest.\n - Sanitization: No validation or sanitization of manifest content is performed before passing the instructions to the shell for execution.\n- [COMMAND_EXECUTION]: Executes shell commands to initialize tech stacks, build projects, and install components. This includes commands like
npx create-next-app,npm install, andnpx shadcn, as well as build verification commands likenpx next build.\n- [EXTERNAL_DOWNLOADS]: Fetches and installs software packages from the npm registry and other standard tool repositories during the scaffolding and initialization phases.
Audit Metadata