llvm-security
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to fetch data from an untrusted source: 'https://raw.githubusercontent.com/gmh5225/awesome-llvm-security/refs/heads/main/README.md'. Under [TRUST-SCOPE-RULE], this is a finding because the user/repo is not in the trusted list.
- [PROMPT_INJECTION] (MEDIUM): The skill contains an Indirect Prompt Injection surface (Category 8).
- Ingestion points: External data enters the context from 'https://raw.githubusercontent.com/gmh5225/awesome-llvm-security/refs/heads/main/README.md'.
- Boundary markers: Absent. The content is directly processed to provide 'detailed information'.
- Capability inventory: The agent generates security-critical compiler flags, shell commands, and architectural advice.
- Sanitization: Absent. There is no logic to filter instructions from the data. This allows an attacker who controls the external repository to inject instructions that the agent might follow.
Audit Metadata