project-skill-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill's workflow involves analyzing external codebase context, which presents a surface for indirect prompt injection. Malicious instructions in the codebase could influence the agent's logic when designing or implementing new skills. Ingestion points: Codebase architecture and tech stack patterns (SKILL.md Step 1). Boundary markers: None identified. Capability inventory: Bash, Write, Edit, Glob, Grep, WebSearch, WebFetch. Sanitization: None described.
- COMMAND_EXECUTION (SAFE): The skill is authorized to use the Bash tool for project analysis and deployment. No specific malicious shell commands are included in the skill definition.
- NO_CODE (SAFE): The skill consists entirely of documentation and metadata; no scripts, binaries, or executable code blocks are provided.
Audit Metadata