build-fix
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to execute project-specific build and verification tools (e.g.,
tsc,mypy,cargo check,go vet). It is instructed to run these commands to collect errors and verify fixes. This creates a risk if the project environment or build configuration is malicious, as the skill will execute those defined commands. - [PROMPT_INJECTION]: The skill instructions contain a 'Guidance Alignment' section that directs the agent to 'Treat newer user task updates as local overrides for the active workflow branch,' which establishes a behavioral pattern of allowing instruction overrides during a session.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to its core workflow of processing untrusted data.
- Ingestion points: The agent reads external source code files and the stdout/stderr output from build tools (SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when reading external content.
- Capability inventory: The skill has significant capabilities, including the ability to execute shell commands and modify file contents across the repository (SKILL.md).
- Sanitization: There is no mention of sanitizing or validating error messages or code comments before they are processed by the agent's logic.
Audit Metadata