pre-deploy
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to ingest and process data from the target repository, including configuration files (like package.json or pyproject.toml) and the output of various CLI tools.
  - Ingestion points: Data enters the agent's context through file reading and command output capture in scripts like lint-check.sh and build-run.sh.
  - Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when processing external data, increasing the risk that the LLM might follow instructions embedded within project files.
  - Capability inventory: The skill possesses powerful capabilities, including arbitrary shell command execution (Bash) and file modification (Edit, Write).
  - Sanitization: There is no evidence of sanitization or strict validation for the data ingested from the repository before it is presented to the LLM.
- [COMMAND_EXECUTION]: The skill's primary functionality involves executing shell commands to run build and lint processes. While these are restricted to the local environment and generally target standard project scripts (e.g., npm run build), a compromised or malicious repository could define these scripts to perform unauthorized actions.
Audit Metadata