makefile-review
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The module 'plugin-dogfood-checks.md' instructs the agent to execute multiple scripts not included in the skill package, such as 'makefile_dogfooder.py', 'scripts/validator.py', and 'scripts/cli.py'. These represent unverifiable external dependencies that execute arbitrary code within the user's environment. The '--apply' flag for 'makefile_dogfooder.py' also indicates automated modification of local files.\n- [COMMAND_EXECUTION]: The skill uses various shell commands ('git status', 'rg', 'make -pn', 'awk', 'grep') to map context and inspect the Makefile database. This involves direct interaction with the system shell and local repository state.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted Makefile content.
- Ingestion points: Makefile and '.mk' files identified via recursive search in the project directory.
- Boundary markers: No delimiters or safety instructions are provided to prevent the agent from executing malicious commands embedded within the Makefiles being audited.
- Capability inventory: Extensive execution capabilities, including running 'make' targets and executing the unprovided 'makefile_dogfooder.py' script which is designed to run 'ACTUAL functionality'.
- Sanitization: There is no evidence of sanitization or validation of Makefile content before it is used to generate commands or targets.
Audit Metadata