llvm-learning
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (LOW): The skill contains a 'Getting Detailed Information' section that directs the agent to fetch and process content from an external, untrusted URL (https://raw.githubusercontent.com/gmh5225/awesome-llvm-security/refs/heads/main/README.md). This establishes an indirect prompt injection surface.
  - Ingestion points: The agent is explicitly told to fetch resource lists from an external GitHub repository.
  - Boundary markers: There are no instructions provided to the agent to treat the fetched content as data rather than instructions, nor are there delimiters to separate external content from the system prompt.
  - Capability inventory: The skill's context involves complex developer operations like compiler toolchain usage (clang, opt, llc) and shell command execution, increasing potential impact if the agent is subverted.
  - Sanitization: No sanitization or validation of the fetched markdown content is performed.
- [External Downloads] (LOW): The skill references and promotes multiple third-party repositories and external documentation sources from unverified authors (e.g., gmh5225, banach-space, hunterzju). These repositories do not belong to the defined list of trusted organizations.