build-skill
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses local shell commands for workflow management and validation, including 'git rev-parse' for environment detection, 'mktemp' for temporary directory creation, and 'pnpm validate' for final output verification.
- [PROMPT_INJECTION]: Step 4 explicitly instructs the agent to 'skip architect-reviewer and security-auditor' during the technical review phase, removing important security oversight from the skill generation process.
- [COMMAND_EXECUTION]: The skill writes generated executable files to sensitive global or project-specific directories (~/.claude/skills/ or .claude/skills/), creating persistent new agent behaviors.
- [PROMPT_INJECTION]: The process is vulnerable to indirect prompt injection via the user-supplied 'args' specification which is used to generate the final skill code without sanitization. * Ingestion points: 'args' parameter in SKILL.md. * Boundary markers: None identified. * Capability inventory: File system writes and shell command execution through background agents. * Sanitization: No validation or filtering is performed on the input specification before generation.
Audit Metadata