ln-781-build-verifier
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands to build projects and manage dependencies.
  - Evidence: Triggers CLI tools including npm, yarn, pnpm, dotnet, pip, poetry, go, cargo, mvn, and gradle based on file markers in the project root.
- [EXTERNAL_DOWNLOADS]: Fetches software components and configuration from external sources.
  - Evidence: Restores project dependencies by downloading packages from public registries such as npmjs.org, PyPI, NuGet, and Crates.io.
  - Evidence: The diagram.html file loads the Mermaid.js library from the JSDelivr CDN.
- [REMOTE_CODE_EXECUTION]: Executes build-time scripts which may contain arbitrary code.
  - Evidence: Build processes for several supported languages (e.g., Node.js lifecycle scripts or Python's setup.py) involve the execution of code defined within the untrusted project files.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the analysis of project metadata.
  - Ingestion points: Scans the project root directory and reads marker files such as package.json, pyproject.toml, and Cargo.toml in SKILL.md.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded malicious content within the detected project files.
  - Capability inventory: Features extensive subprocess execution capabilities across multiple runtimes and compilers.
  - Sanitization: No sanitization or validation logic is defined for the content of the project markers before they influence command execution.
Audit Metadata