project-scaffold
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted user input (project and organization names) through interactive prompts in scaffold.py. Given the skill's high-tier capabilities, this represents a significant injection surface. 1. Ingestion points: interactive prompts in scaffold.py; 2. Boundary markers: Absent from documentation; 3. Capability inventory: Extensive file system modification and execution of shell commands (e.g., bun install); 4. Sanitization: Not verifiable.
- [Command Execution] (HIGH): The skill instructs the agent to execute a local Python script (~/.claude/skills/project-scaffold/scripts/scaffold.py) that performs broad system-level operations.
- [Privilege Escalation] (MEDIUM): Troubleshooting steps explicitly direct the user to use chmod +x to manually elevate script execution permissions.
Recommendations
- AI detected serious security threats
Audit Metadata