building-agents-core
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The construction workflow ingests user-defined requirements to generate and execute local Python code.\n
- Ingestion points: User descriptions of node logic, tool requirements, and agent goals provided during the construction process.\n
- Boundary markers: None; instructions do not prescribe the use of delimiters or 'ignore instructions' warnings for the generated code.\n
- Capability inventory: Direct file-write access to
agent.pyandnodes/__init__.py, and command execution through themcp__agent-builder__add_mcp_servertool.\n - Sanitization: Absent; the skill facilitates immediate file writes based on user approval without logic validation or output escaping.\n- [Dynamic Execution] (LOW): The skill documents the registration and execution of local Python scripts as MCP servers.\n
- Evidence: Instructions for using
mcp__agent-builder__add_mcp_serverto launch subprocesses with arbitrary commands and arguments.\n - Context: This behavior is downgraded to LOW as it is central to the skill's primary purpose of building and managing agent services.
Audit Metadata