scaffold-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill runs shell commands including `npm install`, `npx ultracite init`, and `npm run build` as part of the scaffolding process. This is expected behavior for this use case.
- [EXTERNAL_DOWNLOADS] (LOW): The skill triggers `npm install`, which downloads dependencies from the npm registry. The packages listed in the templates (e.g., commander, vitest, biome) are standard, well-known utilities in the Node.js ecosystem.
- [PROMPT_INJECTION] (LOW): Categorized as Indirect Prompt Injection (Category 8). The skill interpolates unvalidated user input such as `{{name}}` and `{{description}}` into generated files intended for AI agent context (`AGENTS.md`, `SKILL.md`).
  - Ingestion points: Variable collection in `SKILL.md` Step 1.
  - Boundary markers: Absent in generated templates; user strings are inserted directly into markdown.
  - Capability inventory: The resulting project includes capabilities for subprocess execution and dependency management via `package.json` scripts.
  - Sanitization: No sanitization or escaping is performed on user-provided strings before they are written to the documentation files.
- [DYNAMIC_EXECUTION] (LOW): The skill generates source code, compiles it using `tsdown`, and then executes the resulting binary (`node dist/cli.js`) to validate the scaffold. This is a primary function of the skill, and the execution is limited to the newly created local directory.
Audit Metadata