Skills
skills/navanithans/agent-skill-kit/ask-component-scaffolder/Gen Agent Trust Hub

ask-component-scaffolder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The script scripts/scaffold_component.py is vulnerable to indirect prompt injection via path traversal. Ingestion points: The name argument is taken directly from user or agent input in scripts/scaffold_component.py. Boundary markers: Absent. Capability inventory: The script has filesystem write capabilities including directory creation (os.makedirs) and file writing (open().write()). Sanitization: Absent. The name input is not validated for path traversal sequences such as .. or absolute paths.
  • COMMAND_EXECUTION (MEDIUM): The script performs filesystem operations based on unsanitized user input, allowing for arbitrary directory and file creation within the agent's permission scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:17 AM