scaffold-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions and agent definitions (e.g., skill-creator.md) use standard instructional language to define tasks without any attempts to override safety filters or extract system prompts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file path accesses were found. The scripts operate exclusively on local project directories, and no network calls to external domains are present.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any remote downloads (no curl/wget to external scripts). It checks for local dependencies like jq and yq and executes local scripts as part of its scaffolding logic.
- Privilege Escalation (SAFE): There are no uses of sudo or attempts to modify system-level configurations. File permissions are restricted to making the generated 'sop' wrapper executable.
- Indirect Prompt Injection (LOW): The 'utils.sh' script includes a 'resolve_input' function that interpolates variables into JSON. This is an intended capability for the engine's workflow management and is implemented with jq, which builds the JSON structurally and escapes inserted values, rather than by raw string concatenation.
- Dynamic Execution (LOW): The 'skill-runner.sh' component is designed to execute local bash or Python scripts. This is the core architectural pattern of the engine and is used to run verified local skills within the project environment.