cpp-pro
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill provides code templates in
references/build-tooling.mdfor using CMakeFetchContentto download thefmtliblibrary from GitHub. While common in C++, this involves fetching code from a repository not explicitly included in the trusted list.\n- [COMMAND_EXECUTION] (LOW): The workflow and build references recommend running system-level commands for compilation, testing, and profiling (e.g.,cmake,clang-tidy,perf,valgrind). These are standard specialist tools but provide a vector for command execution on the host.\n- [INDIRECT_PROMPT_INJECTION] (LOW): Ingestion point: Local source code and build configuration files (e.g., CMakeLists.txt) are analyzed during the workflow. Capability inventory: Execution of build, analysis, and profiling tools. Boundary markers: Absent inSKILL.md. Sanitization: Absent. The skill identifies as an implementation specialist, creating a potential surface for indirect injection through malicious project files.
Audit Metadata