bazel
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute the Bazel CLI for building, testing, and running compiled binaries (e.g.,
bazel build //...,bazel run //src:main). These commands are standard for a build system utility and operate within the expected scope of the skill's purpose. - [EXTERNAL_DOWNLOADS]: The skill demonstrates how to use
MODULE.bazelto fetch external dependencies from the Bazel Central Registry, such as Abseil and GoogleTest. These references target well-known open-source projects. - [DATA_EXFILTRATION]: The skill includes configurations for remote execution and caching (
--remote_executor,--remote_cache). While these features involve transmitting build metadata and artifacts to external servers, the provided examples use well-known services like Google Cloud Remote Build Execution (remotebuildexecution.googleapis.com) or generic placeholders. - [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface where the agent is instructed to process output from build queries using shell tools. • Ingestion points: Output from
bazel aqueryis piped tojqin the workflow. • Boundary markers: No explicit boundary markers or 'ignore' instructions are used for the tool output. • Capability inventory: The skill enables building and running arbitrary code defined in the project. • Sanitization: No sanitization of the queried build graph data is demonstrated. This is noted as an inherent risk of build system automation.
Audit Metadata