ln-622-build-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run standard build and quality checks (e.g., "npm run build", "pylint", "cargo test") as part of its auditing workflow.
- [EXTERNAL_DOWNLOADS]: The "diagram.html" file loads the Mermaid.js library from "cdn.jsdelivr.net", which is a well-known and trusted service.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from audited projects (ingestion points: configuration and source files) without explicit boundary markers or sanitization, and it has the capability to execute scripts via Bash. This vulnerability is inherent to the auditing of third-party codebases.