project-builder
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
bashtool and shell commands to run, verify, and debug generated code, such as task scripts and backend servers. This is standard functionality for a project engineering tool. - [EXTERNAL_DOWNLOADS]: Documentation and code patterns include references to fetching data from established external APIs (e.g., OpenRouter, Twelvedata) and loading visualization libraries from well-known CDNs like jsDelivr and D3js.org.
- [PROMPT_INJECTION]: The skill addresses the inherent risk of indirect prompt injection in code generation by enforcing a 'Design Gate' in Phase 1. This requires the agent to present a plan and obtain explicit human confirmation before proceeding to write or modify any software.
Audit Metadata