backend-scaffold

The skill's stated purpose and its described two-phase scaffold generation workflow are broadly coherent and align with a template-driven, multi-stack backend generator. The primary security considerations center on external helper scripts and plugin-backed sources (id-generator.sh, index-updater.sh, template files, and pre-execution protocols). While no explicit credentials or data exfiltration are evident, reliance on external scripts and unpinned templates necessitates strict integrity controls, signed sources, and sandboxed execution. Enforce explicit user approval (HARD STOP), validate and pin template/script sources, and implement input sanitization and least-privilege file operations in generated code to mitigate risk.