devtap-get-build-errors
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script
scripts/get_build_errors.shexecutes thedevtapCLI. This is the core functionality of the skill and is implemented using safe shell practices, such as quoting variables ("$MAX_LINES") to prevent argument injection. - [DATA_EXPOSURE] (SAFE): While the skill reads build logs, it does so through a local command and does not attempt to exfiltrate this data to any external network or non-whitelisted domain.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external content (build logs) which could theoretically contain malicious instructions designed to influence the agent.
- Ingestion points: Build log output captured by
devtap draininscripts/get_build_errors.sh. - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in the logs.
- Capability inventory: Subprocess execution of the
devtapbinary. - Sanitization: None detected; the agent is instructed to show raw logs verbatim upon request.
Audit Metadata