build-actions-generator
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is authored by a known vendor (ionic-team) and implements legitimate development workflows for the OutSystems platform.
- [COMMAND_EXECUTION]: The skill instructs the agent to use python3 -m json.tool or jq to validate the integrity and syntax of the generated JSON configuration. This is a local safety check to prevent malformed output.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted local files to derive configuration. 1. Ingestion points: Reads input-contract.yaml, plugin.xml, and native source files from the project directory. 2. Boundary markers: Absent. 3. Capability inventory: File system writes to build-actions/ and local command execution for validation. 4. Sanitization: Implements syntax validation using standard JSON tools.
Audit Metadata