Skills
skills/mohitmishra786/low-level-dev-skills/cmake/Gen Agent Trust Hub

cmake

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill utilizes CMake's FetchContent module to download source code from external repositories (SKILL.md, references/templates.md).
  • Evidence: Downloads googletest from https://github.com/google/googletest.git (Trusted Organization) and zlib from https://github.com/madler/zlib.git.
  • Risk assessment: These are standard libraries from reputable sources. The severity is low as these operations are intrinsic to the primary purpose of a build system skill.
  • Privilege Escalation (SAFE): The documentation mentions system-level installation (SKILL.md).
  • Evidence: cmake --install build --prefix /usr/local.
  • Risk assessment: This is a standard operation and does not explicitly use sudo or unsafe permission changes.
  • Indirect Prompt Injection (LOW): The skill defines a surface for processing user-controlled build logic and executing commands (SKILL.md).
  • Ingestion points: User-provided CMakeLists.txt content and build-related queries.
  • Boundary markers: Absent.
  • Capability inventory: Shell command execution via cmake for configuration, building, and installation.
  • Sanitization: None mentioned for user-provided paths or variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 06:15 PM