build-api
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes git, gh, pnpm, and python3 for standard development tasks such as repository management, issue tracking, and testing. These commands are executed locally and interact with the project's official GitHub repository.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading GitHub issue data to guide API implementation. Ingestion points: gh issue view fetches issue titles and bodies from GitHub. Boundary markers: No explicit instructions or delimiters are used to separate issue content from system instructions. Capability inventory: The skill can perform shell commands, modify files, and commit changes. Sanitization: There is no automated validation or sanitization of the issue content before it is processed by the agent.
Audit Metadata