makefile-validator

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's primary validation script, scripts/validate_makefile.sh, fetches the mbake package from the official Python Package Index (PyPI) at runtime. This download targets a well-known, trusted service and is performed within an isolated virtual environment.
  • [COMMAND_EXECUTION]: The skill executes local commands to perform its validation tasks, including python3 for virtual environment management, pip3 for dependency installation, and make -n --dry-run to verify the syntax of the targeted Makefile without executing its recipes.
  • [CREDENTIALS_UNSAFE]: An example file examples/bad-makefile.mk contains dummy API keys and passwords (e.g., sk-1234567890abcdef). These are clearly marked as anti-patterns and are used solely as test cases to demonstrate the linter's ability to detect hardcoded secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:06 AM