dev-builder
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard developer workflow, utilizing legitimate tools and registries such as npm, yarn, pip, and maven. It correctly suggests using environment variables (e.g., `OPENAI_API_KEY`) for sensitive credentials rather than hardcoding them.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it is designed to ingest and act upon data from an untrusted external file (`Product-Spec.md`). While this is a functional requirement for a developer agent, it is documented here as an inherent architectural risk.
  - Ingestion points: The skill reads the `Product-Spec.md` file in Step 1 to determine project requirements.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat the PRD content as untrusted or to ignore embedded instructions within that file.
  - Capability inventory: The agent has the capability to write files, install packages via shell commands, and execute code via the `/run` directive.
  - Sanitization: There is no evidence of sanitization or validation of the input from the product specification file before it is used to generate code or execute commands.
Audit Metadata