project-structure-enforcer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes a 'PreToolUse' hook to execute a shell command ('run-hook.mjs') on every 'Write' or 'Edit' tool invocation. This ensures code execution is tied to user-driven file activities.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Risk (Category 8).
- Ingestion points: File paths and file content passed through 'Write' and 'Edit' tools as specified in the hook matcher in SKILL.md.
- Boundary markers: None specified to differentiate between structural data and potential instructions during the validation phase.
- Capability inventory: Execution of 'run-hook.mjs' via shell command, which has the power to block agent actions (exit 1).
- Sanitization: No sanitization logic is visible in the provided metadata; the safety of the operation depends entirely on an external script ('skill/structure-location-validator') not included in this analysis.
Recommendations
- AI detected serious security threats
Audit Metadata