scaffold-gateables
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute 'npm run build' and 'npm run dev' to verify project integrity after modifications.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing project-specific files. 1. Ingestion points: Reads project files including package.json, core Constants, EventBus, GameState, main.js, and progress.md. 2. Boundary markers: None identified. 3. Capability inventory: Modifies project source files and executes shell commands. 4. Sanitization: None identified.
- [SAFE]: The skill's behavior is consistent with its role as a code-generation tool for game developers. No evidence of data exfiltration or malicious intent was found.
Audit Metadata