project-builder

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes local Python and Bash scripts to construct and test user-requested software projects. This behavior is the intended primary purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: Project templates reference well-known financial APIs (CoinGecko, TwelveData) and visualization libraries (Chart.js, ApexCharts, D3.js) from established CDNs.
  • [DATA_EXFILTRATION]: Outbound communication is managed through a platform proxy (sc-proxy) with mandatory caller-id tracking for credit limits and observability.
  • [PROMPT_INJECTION]: The skill processes external data (Ingestion: financial APIs in references/build-patterns.md) and possesses code execution capabilities (Capability inventory: bash and python3 in SKILL.md and scripts). It mitigates injection risks via Boundary markers (the 'Template Pattern' recommended in references/build-patterns.md to isolate script data from LLM prose) and Sanitization (validation logic for numerical inputs).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 12:18 PM