scaffold-rules

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (HIGH): The skill invokes bunx @plaited/development-skills, which resolves the package from the npm registry and executes it at runtime. Whatever version the registry serves at that moment is what runs.
      • Evidence: Found in SKILL.md: bunx @plaited/development-skills scaffold-rules.
      • Risk: The @plaited scope is not on the trusted organizations list. Executing unverified third-party code allows arbitrary command execution on the host system.
  • Indirect Prompt Injection (LOW): The skill is designed to modify AGENTS.md and CLAUDE.md, files that coding agents (e.g., Cursor or Claude) read as instructions.
      • Ingestion points: The skill writes to AGENTS.md and references it from CLAUDE.md.
      • Boundary markers: Uses <!-- PLAITED-RULES-START --> and <!-- PLAITED-RULES-END --> to delimit the inserted content.
      • Capability inventory: The skill uses the Bash tool to perform these modifications.
      • Sanitization: No sanitization or validation of the rules content is visible in the skill definition; the logic that generates it lives in the external package, so it cannot be reviewed from SKILL.md alone.
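The two observations above can be reproduced with a static check. The following is an added example, not code from the Gen Agent Trust Hub or from the @plaited project: it scans a SKILL.md body for `bunx`/`npx` invocations and reports any whose npm scope is not on a trusted-organizations allowlist (the allowlist here is a constructed placeholder, since the hub's real list is not on this page), and it extracts whatever sits between the PLAITED-RULES boundary markers in AGENTS.md so a reviewer can diff exactly what the external package injected. The sample SKILL.md and AGENTS.md contents are constructed for the example.

```javascript
// Added example: static audit of a skill definition for runtime package
// downloads and for marker-delimited content injected into AGENTS.md.
// Not part of the original audit report or the @plaited project.

// ASSUMPTION: placeholder allowlist of trusted npm scopes; the hub's real
// trusted-organizations list is not published on the audit page.
const TRUSTED_SCOPES = new Set(["@example-trusted"]);

// Matches `bunx <pkg>` or `npx <pkg>`. The package may be scoped
// (@scope/name) and may carry a version suffix (@1.2.3); leading flags
// such as `-y` are skipped so the package name is captured, not the flag.
const RUNNER_RE =
  /\b(bunx|npx)\s+(?:-[-\w]+\s+)*((?:@[\w.-]+\/)?[\w.-]+)(?:@[\w.^~-]+)?/g;

// Every runtime download found in the skill text, with its scope and
// whether that scope is on the allowlist. Unscoped packages are untrusted.
function findRuntimeDownloads(skillMd) {
  const findings = [];
  for (const m of skillMd.matchAll(RUNNER_RE)) {
    const pkg = m[2];
    const scope = pkg.startsWith("@") ? pkg.split("/")[0] : null;
    findings.push({
      runner: m[1],
      package: pkg,
      scope,
      trusted: scope !== null && TRUSTED_SCOPES.has(scope),
      line: skillMd.slice(0, m.index).split("\n").length,
    });
  }
  return findings;
}

const START = "<!-- PLAITED-RULES-START -->";
const END = "<!-- PLAITED-RULES-END -->";

// Returns the text between the boundary markers, or null when the block is
// absent or malformed (no START, no END after START).
function extractInjectedRules(agentsMd) {
  const s = agentsMd.indexOf(START);
  if (s === -1) return null;
  const e = agentsMd.indexOf(END, s + START.length);
  if (e === -1) return null;
  return agentsMd.slice(s + START.length, e).trim();
}

// Constructed sample inputs (not copied from the real skill files).
const SAMPLE_SKILL_MD = [
  "# scaffold-rules",
  "",
  "Run the scaffolder:",
  "",
  "    bunx @plaited/development-skills scaffold-rules",
  "",
  "Then verify with `npx @example-trusted/cli --version`.",
].join("\n");

const SAMPLE_AGENTS_MD = [
  "# Project agents",
  "",
  "<!-- PLAITED-RULES-START -->",
  "Always run bun test before committing.",
  "<!-- PLAITED-RULES-END -->",
].join("\n");

// Combines both checks into one verdict: any untrusted runtime download
// is rated HIGH, mirroring the report's scoring.
function auditSkill(skillMd, agentsMd) {
  const untrusted = findRuntimeDownloads(skillMd).filter((d) => !d.trusted);
  return {
    riskLevel: untrusted.length > 0 ? "HIGH" : "LOW",
    untrustedPackages: untrusted.map((d) => d.package),
    injectedRules: extractInjectedRules(agentsMd),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditSkill(SAMPLE_SKILL_MD, SAMPLE_AGENTS_MD), null, 2));
}
```

Pinning the package to an exact version (`@plaited/development-skills@<version>`) would make the regex's version capture useful for comparing against a lockfile, but it does not remove the finding: the package still runs with the invoking user's privileges, which is the point the report makes.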
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:08 PM