static-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing 'compiledb' via pip to handle Make-based projects. This is a common developer utility for generating compilation databases but involves a standard external dependency download.
- [COMMAND_EXECUTION] (SAFE): All executed commands (cmake, clang-tidy, cppcheck, scan-build) are appropriate for the stated purpose of static analysis and hardening.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and analyze source code. While this creates an attack surface for indirect prompt injection (e.g., via malicious code comments), it is a necessary part of the skill's primary function and follows standard analysis patterns.
- Ingestion points: Reads C/C++ source files and compile_commands.json.
- Boundary markers: None explicitly defined for the analysis results.
- Capability inventory: Subprocess execution of analysis tools and build systems.
- Sanitization: None specified for tool output processing.
Audit Metadata