verify
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local build and test scripts such as
npm run build,vitest, andjest. These are standard development tasks but involve running code defined in the project's own configuration files.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests output from compilers, linters, and grep searches.\n - Ingestion points: Tool outputs from build, typecheck, lint, and test processes, as well as raw file contents identified during grep-based secret and debug log audits.\n
- Boundary markers: Absent; the workflow summarizes output without applying delimiters or instructions to ignore embedded commands.\n
- Capability inventory: Subprocess execution of detected package managers and git commands.\n
- Sanitization: Absent; tool outputs are reported directly into the final summary without validation or filtering.
Audit Metadata