skill-builder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Bash scripts (analyze-requirements.sh, generate-template.sh, validate-skill.sh) that perform local file system operations, such as creating directories and writing files. It also dynamically creates an example script and sets it as executable (chmod +x), which is standard behavior for a scaffolding tool.
- [PROMPT_INJECTION]: The SKILL.md instructions utilize strong persona-hardening techniques, including 'EXECUTIVE MANDATE', 'NONNEGOTIABLES', and constraints to 'NEVER reveal internal thinking blocks'. While intended to ensure output consistency, these are common patterns used in prompt manipulation.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process user-provided JSON requirements to generate code and documentation, creating a surface for indirect injection.
- Ingestion points: User-provided requirements.json via analyze-requirements.sh and SKILL.md inputs.
- Boundary markers: JSON schema and YAML frontmatter validation rules.
- Capability inventory: File system read/write, bash script execution, and search tool access (searxng_searxng_web_search).
- Sanitization: Validation is performed on name formats and description lengths, but comprehensive sanitization of free-text inputs for code generation is not present.
- [EXTERNAL_DOWNLOADS]: The documentation references official repositories and tools from the vercel-labs organization, which is a trusted source.
Audit Metadata