javascript-typescript-typescript-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides instructions for standard project initialization commands such as `npm install -g pnpm`, `mkdir`, `pnpm init`, and `git init`. These are necessary for the skill's functional purpose.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes official scaffolding templates (`pnpm create next-app`, `pnpm create vite`) and standard npm packages. These are sourced from trusted registries and align with developer best practices.
- [PROMPT_INJECTION] (LOW): The skill is identified as having an indirect prompt injection surface (Category 8) because it utilizes external user input to determine project structure and execution paths.
  1. Ingestion points: User requirements analyzed in the 'Analyze Project Type' section.
  2. Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands in the user-provided data.
  3. Capability inventory: The skill facilitates shell command execution, directory creation, and file system writes throughout the instructions.
  4. Sanitization: Absent; the instructions do not include validation or escaping for user-provided project names or requirement strings.
Audit Metadata