zig-best-practices
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download source code from external, third-party GitHub repositories (github.com/rockorager/zigdoc and github.com/rockorager/ziglint) that are not associated with the skill author or a verified organization.
- [REMOTE_CODE_EXECUTION]: Following the download, the skill provides commands to compile and install these external tools using `zig build install`. This process executes build logic defined in the remote repository on the local system.
- [COMMAND_EXECUTION]: The documentation contains shell commands for cloning repositories, navigating directories, and running build scripts (`git clone`, `cd`, `zig build`).
- [PROMPT_INJECTION]: The skill is designed to process external Zig files ("Must use when reading or writing Zig files"), which introduces a surface for indirect prompt injection if the processed files contain malicious instructions disguised as code or comments.
Audit Metadata