Skills
skills/mohitmishra786/low-level-dev-skills/conan-vcpkg/Gen Agent Trust Hub

conan-vcpkg

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill includes instructions to clone the vcpkg repository from https://github.com/microsoft/vcpkg.git. This falls under the [TRUST-SCOPE-RULE] as Microsoft is a trusted organization, and the download is essential to the skill's primary purpose.
  • COMMAND_EXECUTION (SAFE): The workflow utilizes standard build and package management commands (cmake, conan, pip install, ./vcpkg/bootstrap-vcpkg.sh). These operations are consistent with C++ development environments and do not attempt privilege escalation or access to sensitive user data.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes structured configuration files like vcpkg.json and conanfile.txt. While these files originate from external project directories, the skill uses standard parsing logic. Evidence chain:
  • Ingestion points: vcpkg.json, conanfile.txt, CMakeLists.txt.
  • Boundary markers: None explicitly defined in snippets.
  • Capability inventory: Build system execution (cmake), package installation (conan install).
  • Sanitization: Standard build tool validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 11:05 AM