cli-builder
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs git repository management tasks, including branch creation and syncing with remote origins (`git fetch`, `git pull`, `git checkout`). These actions are standard for development workflows.
- [COMMAND_EXECUTION]: Implementation involves executing package management tools (npm, pip, go get, gem) and test runners. These operations are limited to the execution phase and are subject to the user's prior approval of the design and plan.
- [PROMPT_INJECTION]: The skill analyzes external project files such as manifest files (`package.json`, `pyproject.toml`) and source code to determine the appropriate CLI structure, which is a surface for indirect prompt injection.
  - Ingestion points: Reads project manifest files and existing source code during the 'Analyze' phase (SKILL.md).
  - Boundary markers: Uses a rigid, approval-gated 5-step process (Analyze, Design, Plan, Execute, Summarize) to ensure human oversight.
  - Capability inventory: Authorized to create files, manage git branches, and run shell commands for testing and installation (SKILL.md, references/cli-libraries.md).
  - Sanitization: Relies on user validation of the intermediate 'Design' and 'Plan' documents to prevent the execution of malicious or unintended logic derived from the analyzed project files.
Audit Metadata