cmake
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill demonstrates downloading external dependencies using CMake's
FetchContentmodule. It references repositories from trusted sources likegoogle/googletest. Per the [TRUST-SCOPE-RULE], these downloads are downgraded to LOW. - [COMMAND_EXECUTION] (SAFE): The skill provides standard
cmakeCLI commands for configuring, building, and installing projects. These are expected behaviors for a C/C++ build system skill. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect injection as it processes user-provided project data and generates build files.
- Ingestion points: The agent processes user queries about
CMakeLists.txtand project structures. - Boundary markers: No specific delimiters or "ignore instructions" warnings are used in the prompt templates.
- Capability inventory: The skill allows file creation (CMakeLists.txt) and execution of the
cmakebuild tool, which can run custom commands or download code. - Sanitization: No explicit sanitization or validation of user-provided dependency URLs or project names is performed before inclusion in generated files.
Audit Metadata