Skills
skills/sharex/xerahs/build-linux-binary/Gen Agent Trust Hub

build-linux-binary

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the build lifecycle.
  • It runs bash build/linux/package-linux.sh to initiate the main build and packaging process.
  • It uses pkill -f to terminate existing dotnet and build script processes, ensuring no file locks interfere with the build.
  • It uses rm -rf to clean up build artifacts (obj folders) during troubleshooting.
  • [EXTERNAL_DOWNLOADS]: The skill uses git submodule update --remote --merge to fetch and update the ShareX.ImageEditor dependency from its remote repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it relies on reading the contents of a build log file (build_output.log) to determine its next actions.
  • Ingestion points: Monitors build_output.log for status updates.
  • Boundary markers: Absent; the agent scans the log stream for specific status strings like 'Done!' or 'FAILED'.
  • Capability inventory: Includes shell command execution (bash), process management (pkill), and file system deletion (rm).
  • Sanitization: The skill does not sanitize or validate the content of the log file before searching for markers, creating a potential surface for instructions embedded in build output to influence the agent's logic flow.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 08:38 PM
Security Audit — agent-trust-hub — build-linux-binary