build-tools-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection (Category 8) because it is designed to ingest and analyze untrusted external files (e.g., project code and build configurations) provided by the user.
  - Ingestion points: Operations on files or paths defined in the input schema's 'target' parameter and code provided for best-practice reviews.
  - Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings for the data being analyzed.
  - Capability inventory: The skill has access to a powerful toolset including Bash, Write, Edit, Read, Grep, and Glob.
  - Sanitization: No sanitization or validation logic is defined to check the content of processed files.
- [COMMAND_EXECUTION]: The skill includes instructions to execute shell commands using the Bash tool, specifically for the 'Memory Protocol' to read local context files ('cat .claude/context/memory/learnings.md').
Audit Metadata