build
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the `mthds-agent` CLI tool throughout the build process to perform validation, conversion, and assembly tasks. Examples include `mthds-agent pipelex concept` for schema validation and `mthds-agent pipelex assemble` for bundle creation in the `mthds-wip/` directory. These operations are consistent with the vendor's (mthds-ai) documented infrastructure.
- [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface as it processes user requirements into pipeline instructions.
  - Ingestion points: Untrusted data enters the context through user-defined input concepts (Phase 3) and processing transformations (Phase 5).
  - Boundary markers: The skill explicitly uses `@variable` for delimited block insertion and `$variable` for inline interpolation as defined in the 'Quick Reference' section.
  - Capability inventory: Capabilities include shell command execution via the `mthds-agent` binary and remote model inference via PipeLLM operators.
  - Sanitization: The process includes a mandatory validation step (`mthds-agent pipelex validate`) in Phase 9 to verify bundle integrity prior to execution.
Audit Metadata