build-tools-expert
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The memory protocol in SKILL.md directs the agent to use the Bash tool to read from .claude/context/memory/learnings.md. This is a design pattern for state continuity within the agent environment and is not a security risk.
- [PROMPT_INJECTION]: The skill processes untrusted user code for refactoring and reviews, which is a potential surface for indirect prompt injection.
  1. Ingestion points: User-provided source code files.
  2. Boundary markers: Absent.
  3. Capability inventory: File system access and shell execution via allowed tools (Read, Write, Edit, Bash).
  4. Sanitization: None provided.
  This exposure is typical for assistant skills and carries low risk.
- [SAFE]: No obfuscation, hardcoded credentials, or remote code execution patterns were found in the skill's scripts or documentation.
Audit Metadata