build-fix
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute shell commands such as 'npm run build' or 'pnpm build' using the Bash tool to verify code integrity.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection (Category 8) because it processes untrusted data from build error logs to determine subsequent actions.
  - Ingestion points: Error output and compiler messages generated by 'npm run build' or 'pnpm build'.
  - Boundary markers: No delimiters or safety instructions are used to distinguish between legitimate error data and potential instructions embedded within the logs.
  - Capability inventory: The skill has access to powerful tools including 'Bash' (command execution), 'Edit' (file modification), and 'Read' (file access).
  - Sanitization: The skill lacks mechanisms to sanitize or validate the content of error logs before proposing or applying fixes.
Audit Metadata