build-iar

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/iar_builder.py executes the iarbuild.exe utility using subprocess.run. The implementation is secure because it passes arguments as a list and does not invoke a shell (shell=True is not set), effectively preventing command injection.
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of .ewp XML project files (ingestion point: scripts/iar_builder.py). While this presents a surface for indirect prompt injection via build logs or parsed configuration, the script uses the standard xml.etree.ElementTree for parsing and does not expose sensitive capabilities to the data being processed.
  • [DATA_EXFILTRATION]: No network operations or unauthorized file access patterns were detected. The skill only interacts with local build tools and project files consistent with its stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 06:24 AM