clang
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill operates by reading and analyzing user-provided source code files, which creates a potential surface for indirect prompt injection via embedded comments.
- Ingestion points: External C/C++ source files (e.g.,
src.c,src.cpp) processed by the agent. - Boundary markers: None specified; the instructions do not include specific delimiters or 'ignore' warnings for the data being compiled or analyzed.
- Capability inventory: The skill uses subprocess calls to execute
clang,clang-tidy, andllvm-profdata. - Sanitization: No sanitization or escaping of file content is described in the workflow.
- Dynamic Execution (SAFE): The skill provides instructions for the compilation and execution of binary files (e.g.,
clang ... -o prog_instand./prog_inst). This behavior is the primary and expected function of a compiler tool and does not represent a security violation in this context.
Audit Metadata