makefile-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests data from untrusted local project files to populate Makefile templates. Ingestion points: reads from pyproject.toml, Cargo.toml, and package.json. Boundary markers: None are specified in the prompt interpolation logic. Capability inventory: Uses the Write tool to create the Makefile and the Bash tool to execute make commands. Sanitization: No explicit sanitization or escaping of project metadata is documented before it is written to the executable Makefile.
- [Command Execution] (SAFE): The skill runs 'make help' to verify the generated file. This is intended behavior for a development workflow skill and does not appear to use unvalidated external input for the command itself.
Audit Metadata