llvm
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill contains standard shell commands for the LLVM toolchain, including compilation (
clang), optimization (opt), and assembly generation (llc). These commands are necessary for the skill's intended purpose and do not use elevated privileges. - [DATA_EXPOSURE & EXFILTRATION] (SAFE): The analysis found no evidence of sensitive data access or exfiltration. The skill operates on local source files provided by the user.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns of remote code execution or downloading of external scripts were identified.
- [INDIRECT PROMPT INJECTION] (LOW): This skill defines an attack surface by processing untrusted data (C source code and LLVM IR) through compiler utilities.
- Ingestion points: Files like
src.c,src.ll, andsrc.bcare read and processed. - Boundary markers: None identified.
- Capability inventory: Subprocess execution of
clang,opt,llc, andllvm-disinSKILL.md. - Sanitization: None identified. Maliciously crafted source files could potentially exploit vulnerabilities in the underlying toolchain, though this is a standard risk for development-related skills.
Audit Metadata