scaffold-rules
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill utilizes
bunx @plaited/development-skillsto perform its actions. This command downloads and executes code from the npm registry at runtime. The@plaitedscope is not an established trusted source, posing a supply chain risk where malicious code could be executed on the user's machine. - [Indirect Prompt Injection] (HIGH): The skill's primary function is to populate
.claude/rules,.cursor/rules, and.agents/ruleswith instructions from an external package. These directories are used by AI agents to define their behavior. Malicious instructions injected into these files can persistently subvert the agent's safety protocols or operational logic across all future sessions in that workspace. - Ingestion points: External rules are fetched via
bunxfrom the@plaited/development-skillspackage. - Boundary markers: Absent. The skill does not provide any mechanism to delimit or warn the agent about the untrusted nature of the rules being applied.
- Capability inventory: Uses the Bash tool to execute shell commands and performs file system modifications in project configuration directories.
- Sanitization: Absent. There is no validation or human-in-the-loop review of the rules before they are symlinked or copied into the agent's instruction path.
- [Persistence Mechanisms] (MEDIUM): By modifying the rules that govern the AI agent's environment, the skill establishes a form of logic persistence that survives the end of the current task, potentially affecting all subsequent interactions between the user and the agent.
Recommendations
- AI detected serious security threats
Audit Metadata