create-stateful-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python utility script to automate project setup.
  - The primary instructions in `SKILL.md` direct the agent to run `python3 ./scripts/scaffold.py` to generate the physical directory structure and files.
  - The `scaffold.py` script utilizes standard library functions like `os.makedirs` and file write operations to create the requested components, and it uses `os.chmod` to set executable permissions on generated scripts.
- [PROMPT_INJECTION]: The skill processes user-supplied strings to populate generated templates, creating an injection surface.
  - The `scaffold.py` script implements regex validation (`re.match(r'^[a-z0-9-]+$', name)`) for resource names, which prevents directory traversal or command injection via the name parameter.
  - User-provided descriptions are interpolated into generated files. While this creates a surface for indirect prompt injection in the resulting artifacts, this behavior is the primary intended function of the tool as a scaffolder and is recognized in the skill's own evaluation tests.
Audit Metadata