Nova Resource Builder
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to execute local artisan commands and scripts like
./scripts/dev.sh. Evidence: Usage ofphp artisanand./scripts/dev.shcommands. Risk: Relies on the integrity of local scripts. - [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface as it processes local project files. 1. Ingestion points: Reads PHP files using Read, Grep, and Glob. 2. Boundary markers: Absent. 3. Capability inventory: Write, Edit, and Bash. 4. Sanitization: Absent. Risk: Malicious project files could attempt to influence agent behavior.
Audit Metadata