repo-scaffold

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill logic is focused on local filesystem management and template generation, with no evidence of network operations, external data exfiltration, or remote code execution.
  • [SAFE]: Implements a protective scanning step that identifies existing repository files and presents a conflict list to the user, ensuring that no existing code or configuration is overwritten without consent.
  • [SAFE]: Maintains high user oversight by requiring the agent to present a full execution plan and obtain explicit confirmation before performing any write operations.
  • [SAFE]: Promotes repository security and hygiene by generating standard files such as SECURITY.md, CODEOWNERS, and a robust .gitignore that explicitly excludes environment variables and other sensitive local files.
  • [SAFE]: While the skill reads local project metadata (e.g., version strings from package.json) to populate templates, the risk of indirect prompt injection is minimal given the utility's specific focus on standard configuration files and the requirement for user review of all generated content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:56 PM