The Agent Skills Directory

Category 4: External Downloads (LOW): The skill instructs the agent to fetch supplemental data from an untrusted external URL: https://raw.githubusercontent.com/gmh5225/awesome-llvm-security/refs/heads/main/README.md. As this organization is not in the trusted sources list, the content of this file cannot be verified and may change without notice.
Category 8: Indirect Prompt Injection (LOW): There is a potential indirect prompt injection surface.
Ingestion points: The agent is explicitly told to fetch and process data from the external GitHub URL provided in the 'Resources' and 'Getting Detailed Information' sections.
Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are provided for the content retrieved from the external URL.
Capability inventory: The skill demonstrates high-privilege capabilities including C++ compilation (clang++), loading and executing shared libraries (clang -load), and Python-based debugger automation via LLDB.
Sanitization: There is no evidence of sanitization or validation of the content fetched from the remote repository before it is presented to or acted upon by the agent.
Category 10: Dynamic Execution (LOW): The skill provides instructions for loading dynamic shared libraries (.so files) into the compiler via the -load flag. While this is the standard and intended method for Clang plugin development (the primary purpose of the skill), it is a mechanism for arbitrary code execution if a user is directed to build and load a malicious plugin.

llvm-tooling