makefile-generator

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is the generation of Makefiles that contain numerous shell commands for tasks such as installing dependencies (e.g., npm install, pip install), running tests, and managing Docker containers. These commands are intended for manual execution by the developer.
  • [COMMAND_EXECUTION]: Templates within the skill include the use of the GNU Make shell function to dynamically determine project variables, such as extracting the application version from local metadata files like package.json.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it generates executable build scripts based on user-provided project requirements and context.
      * Ingestion points: User prompts in SKILL.md defining project types and necessary targets.
      * Boundary markers: None are implemented to isolate user-provided data from the generated command logic.
      * Capability inventory: The resulting Makefiles facilitate execution of any system command accessible to the make utility.
      * Sanitization: The skill does not perform explicit validation or escaping of user-provided strings interpolated into the generated Makefile.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:30 AM