compile-compcert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk surface by having the agent ingest and parse external files.
  - Ingestion points: the 'configure' script, README, and INSTALL files from the downloaded source.
  - Boundary markers: absent; there are no instructions to isolate or treat external file content as untrusted.
  - Capability inventory: includes 'apt-get', 'opam', and 'make' subprocess calls, plus execution of compiled binaries.
  - Sanitization: none.
- Command Execution (MEDIUM): The skill includes commands that modify system state ('apt-get') and explicitly disables opam's security sandboxing via 'opam init --disable-sandboxing'.
- Dynamic Execution (MEDIUM): Instructions include compiling a C program and running the resulting local binary ('/tmp/test') as a verification step, which executes code built at runtime from potentially untrusted configurations.
Recommendations
- AI detected serious security threats
Audit Metadata