agent-folder-init
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
scaffold.py) to generate the folder structure. This script performs file system operations such as creating directories and writing template files to the project root. - [COMMAND_EXECUTION]: The skill generates numerous slash command templates (e.g.,
/analyze-codebase,/clean,/validate) that instruct AI agents to perform shell operations liketree,grep,find, andgitfor codebase analysis and maintenance. - [PROMPT_INJECTION]: The skill scaffolds specialized agent persona files (e.g.,
senior-backend-engineer.md) that contain 'MANDATORY READING' instructions. These instructions use authoritative framing to steer the agent's behavior and enforce project-specific coding standards. - [SAFE]: The scaffolding script includes a directory traversal check (
is_relative_to(cwd)) to ensure it does not write files outside the intended project directory without explicit user consent via the--allow-outsideflag. - [SAFE]: No network exfiltration, remote code downloads, or multi-layered obfuscation patterns were detected in the source code or templates.
Audit Metadata