requirements-builder
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses basic shell commands (mkdir, touch) to initialize its working directory and tracking files during the setup phase.
- [DATA_EXFILTRATION]: The skill performs codebase analysis and utilizes web search capabilities to research best practices. This creates a potential surface where internal code context could be transmitted to external search services, though this is a standard behavior for research-oriented agents.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it autonomously reads and processes content from the local codebase.
  - Ingestion points: Systematically reads codebase files in Phase 1 and Phase 3 to understand project architecture and implementation patterns.
  - Boundary markers: The instructions lack specific delimiters or guardrails to prevent the agent from obeying instructions that might be embedded within code comments or documentation files in the analyzed repository.
  - Capability inventory: The skill possesses the ability to read and write to the local file system and perform web searches.
  - Sanitization: No explicit sanitization or filtering of codebase content is mentioned before the data is used to inform the agent's logic.
Audit Metadata