solo-builder
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill includes several shell scripts (context-recovery.sh, phase-tracker.sh, validate-phase.sh) that use standard Unix tools like grep, sed, and cat. These scripts facilitate project state management and do not perform network operations, access sensitive user data, or attempt privilege escalation.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to its automated context recovery mechanism.
  - Ingestion points: scripts/context-recovery.sh reads and echoes data from docs/MASTER_PLAN.md, docs/.phase-state.json, and phase-specific IMPLEMENTATION.md or TEST_PLAN.md files back to the agent.
  - Boundary markers: Absent; untrusted project content is interpolated into the agent's context without delimiters or explicit instructions to ignore embedded directives.
  - Capability inventory: The skill possesses the ability to read and write files within the project directory and execute local bash scripts; it does not have network egress or high-level system permissions.
  - Sanitization: Content read from the project documentation is not sanitized or escaped before being presented to the agent.
Audit Metadata