build-inspector
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a purely analytical instruction set for evaluating build system topologies. It does not contain executable code, external network requests, or credential access.- [PROMPT_INJECTION]: Evaluated the surface for indirect prompt injection via build configuration files.
- Ingestion points: The skill instructs the agent to locate and read build configuration files (e.g., Cargo.toml, package.json, go.mod, requirements.txt) using the find_by_name tool.
- Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded prompts within the files being read.
- Capability inventory: The skill is limited to information gathering and reporting; it does not utilize dangerous capabilities like shell execution, network operations, or file system modifications.
- Sanitization: No explicit sanitization of file content is performed, as the skill operates as a structural analysis tool rather than an execution engine.
Audit Metadata