llvm-obfuscation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8) by instructing the agent to fetch content from an untrusted source to guide its behavior.
- Ingestion points: SKILL.md contains instructions to fetch the latest tool and resource lists from a raw GitHub URL (https://raw.githubusercontent.com/gmh5225/awesome-llvm-security/refs/heads/main/README.md).
- Boundary markers: Absent. The skill provides no instructions to treat the downloaded data as untrusted or to ignore any embedded directives within that data.
- Capability inventory: The skill assumes the agent has network access to fetch external documents and the ability to parse/output information based on that content.
- Sanitization: Absent. There is no requirement or logic provided to sanitize the ingested markdown before it enters the agent's context.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on an external, untrusted GitHub repository (gmh5225/awesome-llvm-security) for its primary data source. This repository is not part of the defined trusted organizations list. While it is a data fetch rather than direct code execution, it introduces a dependency on unverified third-party content.
Audit Metadata