scaffold-rules
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands, specifically for running the
bunxpackage runner. - [REMOTE_CODE_EXECUTION]: The skill invokes
bunx @plaited/development-skills, which downloads and executes a remote package from the NPM registry. This package is not from a source listed in the trusted vendors list or the author's known namespace. - [EXTERNAL_DOWNLOADS]: Uses
bunxto implicitly fetch external code and dependencies from the NPM registry during runtime. - [PROMPT_INJECTION]: The skill modifies instruction files used by other AI agents (
AGENTS.mdandCLAUDE.md), creating a surface for indirect prompt injection. The content generated by the external tool is written into these files, which can influence the behavior of other agents in the environment. - Ingestion points: Output from the
@plaited/development-skillsCLI tool. - Boundary markers: Employs
<!-- PLAITED-RULES-START -->and<!-- PLAITED-RULES-END -->tags. - Capability inventory: The skill has the ability to write to the local filesystem and modify persistent configuration files.
- Sanitization: No explicit sanitization or validation is performed on the rule content generated by the external package before it is applied to the files.
Audit Metadata