pre-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local development tools such as npm, yarn, pnpm, bun, cargo, and Python modules based on the detected project stack. It executes command strings defined within local project configuration files such as `package.json`.
- [COMMAND_EXECUTION]: Scripts utilize `node -e` to dynamically evaluate small JavaScript snippets for parsing project metadata and verifying the presence of specific build scripts.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it reads and processes untrusted data from project configuration files which could contain malicious instructions or commands.
  - Ingestion points: `package.json`, `Cargo.toml`, `pyproject.toml`, and other stack-specific config files.
  - Boundary markers: No boundary markers or instruction separators are used when processing these configurations.
  - Capability inventory: The skill has access to shell execution (`Bash`), file reading (`Read`), and file modification (`Edit`).
  - Sanitization: The skill does not sanitize or validate the content of the scripts or build steps retrieved from the configuration files before execution.
Audit Metadata