building-blocks
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard shell commands to manage the project's file structure and inspect local development content.
- Evidence in
SKILL.md: Commands includels blocks/for discovery,mkdir -pfor directory creation, andtouchfor file initialization. - [DATA_EXFILTRATION]: The skill describes patterns for fetching data from network sources, which is a functional requirement for web development but represents a potential data flow vector.
- Evidence in
SKILL.md: Use ofcurl http://localhost:3000/{test-content-path}to retrieve HTML for inspection. - Evidence in
resources/js-guidelines.md: Guidance on using thefetch()API to load JSON data from specified paths. - [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it directs the agent to ingest and process data from external or user-provided URLs.
- Ingestion points: The skill utilizes
curlinSKILL.mdandfetchinresources/js-guidelines.mdto bring external content into the execution context. - Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from following potential instructions embedded in the fetched test content.
- Capability inventory: The agent possesses capabilities for file system modification (
mkdir,touch) and further network operations (curl,fetch). - Sanitization: No content validation or sanitization steps are defined for the data retrieved from external URLs.
Audit Metadata