solo-build
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a variety of commands, including test runners, linters, build tools, and git. It also automatically installs git hooks (e.g., pnpm prepare, uv run pre-commit install, lefthook install) if they are detected but not active.
- [COMMAND_EXECUTION]: The skill is instructed to prefer make targets if a Makefile exists (e.g., make test, make lint, make build, make integration), which leads to the execution of arbitrary commands defined in the project's Makefile.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests data from several untrusted sources within the project repository:
  - Ingestion points: docs/plan//plan.md, docs/plan//spec.md, docs/workflow.md, CLAUDE.md, and any source code files found during research or research via MCP tools.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are used when reading these files.
  - Capability inventory: The agent has access to powerful tools including Bash, Write, Edit, and several MCP tools for code search and navigation (mcp__solograph__*).
  - Sanitization: There is no evidence of sanitization or validation of the content read from the project files before it is processed as part of the implementation logic.
- [SAFE]: The skill uses dynamic context injection (e.g., !git branch --show-current) in SKILL.md to provide the agent with repository status information at load time. These commands are informational and do not involve user-supplied arguments or sensitive data access.