script-builder

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to perform syntax checking and validation of generated scripts. This includes running bunx tsc, npx tsc, ruff, and shellcheck (Step 6). Additionally, the skill executes the newly created scripts during the 'Iterate on Failures' phase (Step 9) to verify their functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It constructs scripts and documentation based on 'gathered intent' (Step 3) and a retrospective scan of recent tool-use history (Step 1). If an attacker can influence the session history or provide malicious intent, they could induce the agent to generate harmful code or inject persistent malicious instructions into the project's CLAUDE.md or AGENTS.md files through the automatic documentation feature (Step 7).
  • [DYNAMIC_EXECUTION]: The core logic of the skill involves assembling executable scripts from local templates (typescript.ts.tmpl, python.py.tmpl, bash.sh.tmpl) and then executing them. While templates provide a safety structure, the {{TEST_BODY}} is dynamically generated from user input. The 'Autopilot' mode further reduces human oversight by auto-escalating to script execution unless specific side-effects are detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 08:41 PM
Security Audit — agent-trust-hub — script-builder