builder-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell execution for commands such as `pnpm test`, `pnpm run typecheck`, and `git commit`. While standard for a developer workflow, this grants the agent the ability to execute code and test scripts present in the repository.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data ingestion patterns.
  - Ingestion points: Reads phase files from spawn prompts, project rules from `~/.claude/rules/`, and source code via glob patterns in Step 3.
  - Boundary markers: Absent. No delimiters or specific instructions are provided to the agent to treat file content as data rather than instructions.
  - Capability inventory: Includes the ability to write to the filesystem, execute shell commands, and invoke other functional skills.
  - Sanitization: No evidence of validation or filtering for the content of the files read during the workflow.
Audit Metadata