build-fix
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes arbitrary project-defined commands (e.g., tsc, mypy, cargo check, go vet, and the project's own build command). A malicious actor could manipulate project configuration files like package.json or Makefile to include malicious scripts that would then be executed by the agent.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from the source code and build logs it is tasked to fix. Because there are no boundary markers or sanitization processes, malicious instructions hidden in code comments or string constants could trick the LLM (Sonnet) into performing unauthorized file modifications or command executions beyond the scope of a 'build fix'.
- [DATA_EXFILTRATION] (LOW): The skill necessarily reads source code and sends it to the model provider (Anthropic/Sonnet) for analysis. While not a malicious exfiltration pattern, users must be aware that private code is transmitted to an external service for processing.
Recommendations
- AI detected serious security threats
Audit Metadata