msvc-build
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of standard developer documentation for the MSBuild tool. No malicious code, obfuscation, unauthorized network operations, or persistence mechanisms were detected.
- [COMMAND_EXECUTION]: The skill guides the agent in executing local system commands via
MSBuild.exeto compile software projects. This is the intended primary purpose of the skill and uses standard, well-documented parameters. - [PROMPT_INJECTION]: The skill includes functionality to analyze build output for error detection, which creates a surface for indirect prompt injection if the project source code being compiled is untrusted. 1. Ingestion points: MSBuild standard output and error messages (Step 4: Error Analysis). 2. Boundary markers: No specific delimiters are provided to distinguish log content from agent instructions. 3. Capability inventory: Access to local build command execution. 4. Sanitization: The skill does not define methods for sanitizing the build output before the agent processes it.
Audit Metadata