solo-build
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands and build targets specified in the project's Makefile and docs/workflow.md. It also invokes standard development toolchains (git, npm, uv) based on the project's detected stack.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests instructions from plan.md and docs/workflow.md, which directly influence agent behavior and CLI command construction.
  • Ingestion points: docs/plan/*/plan.md, docs/workflow.md, Makefile.
  • Boundary markers: No delimiters or ignore-instructions markers are used for external plan content.
  • Capability inventory: Utilizes the Bash, Write, and Edit tools to modify the filesystem and run code.
  • Sanitization: Does not perform validation or sanitization on commands read from project documentation.
- [EXTERNAL_DOWNLOADS]: The skill automatically installs development dependencies and git hooks using package managers (pnpm, npm, uv) when they are found to be inactive.
Audit Metadata