tilt
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents functions such as local(), local_resource(), and custom_build() that execute shell commands on the host system. This is intended functionality for a build and deployment automation tool.\n- [EXTERNAL_DOWNLOADS]: The skill references the Tilt extension ecosystem, which downloads scripts from the official Tilt GitHub repository (github.com/tilt-dev/tilt-extensions). This is a well-known service associated with the primary tool.\n- [PROMPT_INJECTION]: The skill describes an attack surface for indirect prompt injection. 1. Ingestion points: read_file, k8s_yaml, helm, and kustomize (documented in references/api-reference.md). 2. Boundary markers: No explicit markers or instruction-ignoring warnings are implemented for processed content. 3. Capability inventory: Shell command execution via local(), local_resource(), and custom_build() (documented in SKILL.md and references/api-reference.md). 4. Sanitization: No explicit sanitization or escaping of external content is mentioned in the configuration API.
Audit Metadata