Skills
skills/neversight/skills_feed/project-scaffolding/Gen Agent Trust Hub

project-scaffolding

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill initializes projects using external templates, which can be used to inject malicious instructions into the agent context. • Ingestion points: templates at /path/to/BaseProject and AgentUsage/templates/ (SKILL.md). • Boundary markers: Absent. • Capability inventory: Subprocess calls for package managers and shell utilities; the skill executes generated code for verification (SKILL.md). • Sanitization: Absent.
  • [Privilege Escalation] (MEDIUM): Instructs the agent to perform chmod +x on a script (setup_new_project.sh) that is not part of the skill's file set (SKILL.md).
  • [Command Execution] (LOW): Requires execution of standard shell commands for file and directory management.
  • [External Downloads] (LOW): Installs standard packages from trusted official registries.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 12:05 AM