agent-builder

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Flagged categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and install the required CLI tools via a shell script fetched from the official URL https://claude.ai/install.sh and piped directly to bash. This is the standard installation procedure for the service.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and project resources from established official sources including github.com/anthropics, code.claude.com, and claude.ai.
  • [COMMAND_EXECUTION]: Demonstrates the use of the Bash tool for agent automation, explicitly recommending the use of pattern-matching permission rules (e.g., allowedTools "Bash(git status)") to restrict executable commands to a safe subset.
  • [PROMPT_INJECTION]: The skill identifies and addresses an indirect prompt injection surface by providing architectural patterns for agents that process untrusted external data.
    • Ingestion points: Processes codebase content, file data, and external inputs via the Read and Grep tools.
    • Boundary markers: Promotes the use of structured JSON schemas and specific system prompts to enforce constraints on model outputs.
    • Capability inventory: Uses tools with high capabilities including Bash (shell access), Edit (file writing), and Read (file access).
    • Sanitization: Implements deterministic control flow via HookMatcher to validate tool inputs and block destructive operations (e.g., rm -rf) before they are executed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 11:29 AM