skills/simota/agent-skills/builder/Gen Agent Trust Hub

builder

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from webhooks and external APIs, creating a surface for indirect prompt injection as described in references/external-integration.md. This is mitigated by the required use of Zod or Pydantic for structural validation and safeParse at boundaries. Mandatory Evidence:
      1. Ingestion: references/external-integration.md.
      2. Boundary: Delimiters and safeParse.
      3. Capability: API mutations and file operations.
      4. Sanitization: Schema-based validation.
  • [DATA_EXFILTRATION]: Network calls are restricted to intended API integrations with well-known services like Stripe and GitHub, with credentials managed safely via environment variables.
  • [COMMAND_EXECUTION]: Uses standard development and build tools like Node.js, Go, and Python (uv) for testing and project implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 01:01 AM