build

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is build automation, mapping project names to predefined just commands. This is consistent with its stated purpose of building ESP32 projects.
  • [PROMPT_INJECTION]: The error analysis phase involves processing build output, which constitutes an indirect prompt injection surface. 1. Ingestion points: Build output from just commands. 2. Boundary markers: Absent. 3. Capability inventory: Bash(just:*) and Bash(docker:*) tools defined in the frontmatter. 4. Sanitization: Absent. The skill is at low risk as it performs standard log analysis for build troubleshooting.
  • [COMMAND_EXECUTION]: The skill uses allowed tools to execute containerized builds via just and docker. The commands are executed based on explicit logic mapping user input to static command strings, preventing arbitrary command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:45 AM
Security Audit — agent-trust-hub — build