makefile-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and act upon untrusted user input regarding 'makefile generator' tasks while having access to high-privilege tools.
    • Ingestion points: User requests, patterns, and best practice inquiries provided in natural language (SKILL.md).
    • Boundary markers: Absent. There are no instructions to the agent to treat user data as data only or to ignore embedded instructions.
    • Capability inventory: Includes Bash, Write, Edit, Read, and Grep. This allows for arbitrary shell command execution and file system modification (SKILL.md).
    • Sanitization: Absent. There are no defined constraints or validation steps to ensure user-provided 'patterns' do not contain malicious shell commands or escape sequences.
  • Command Execution (HIGH): The skill explicitly requests Bash tool access. In the context of a 'generator' that acts on user prompts, this poses a risk of Remote Code Execution (RCE) if the agent interprets part of a user's request as a command to be executed in the shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:21 AM