skills/adobe/skills/building-blocks/Gen Agent Trust Hub

building-blocks

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard shell commands to manage the project's file structure and inspect local development content.
  • Evidence in SKILL.md: Commands include ls blocks/ for discovery, mkdir -p for directory creation, and touch for file initialization.
  • [DATA_EXFILTRATION]: The skill describes patterns for fetching data from network sources, which is a functional requirement for web development but represents a potential data flow vector.
  • Evidence in SKILL.md: Use of curl http://localhost:3000/{test-content-path} to retrieve HTML for inspection.
  • Evidence in resources/js-guidelines.md: Guidance on using the fetch() API to load JSON data from specified paths.
  • [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it directs the agent to ingest and process data from external or user-provided URLs.
  • Ingestion points: The skill utilizes curl in SKILL.md and fetch in resources/js-guidelines.md to bring external content into the execution context.
  • Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from following potential instructions embedded in the fetched test content.
  • Capability inventory: The agent possesses capabilities for file system modification (mkdir, touch) and further network operations (curl, fetch).
  • Sanitization: No content validation or sanitization steps are defined for the data retrieved from external URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 07:35 AM
Security Audit — agent-trust-hub — building-blocks