adk-tool-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): Path Traversal in scripts/scaffold_tool.py. The script accepts a ToolName from user input and uses it directly to construct a filename (output_filename = f'{tool_name}Tool.py') without sanitizing path traversal sequences such as '../'. An attacker could cause the agent to create new files in sensitive directories. The severity is reduced to LOW because the script uses os.path.exists() to prevent overwriting existing files.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
  1. Ingestion point: The parameter provided by the user in SKILL.md.
  2. Capability: The script has the ability to write files to the local file system.
  3. Sanitization: No input validation is performed to ensure the tool name is alphanumeric or follows safe naming conventions.
  4. Boundary markers: There are no explicit instructions to ignore control characters or path segments in the tool name.