compile-analysis

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The script 'analyze_compile.sh' executes a dynamically generated command string using 'eval'.
  • Evidence: Line 140 in 'scripts/analyze_compile.sh' executes 'eval "$ENHANCED_CMD"'. Because this command is parsed from build artifacts and output from other scripts, it presents a risk of command injection if the input file names or build configurations are maliciously crafted.
  • Unverifiable Dependency (MEDIUM): The skill depends on an external script, 'get_compile_command.py', which is not included in the provided source files.
  • Evidence: 'scripts/analyze_compile.sh' calls this script on lines 94 and 126 to extract and 'enhance' compilation commands. The logic for how these commands are constructed cannot be verified for safety without the source of this script.
  • DYNAMIC_EXECUTION (MEDIUM): The script facilitates the creation of new shell scripts at runtime for future execution.
  • Evidence: Lines 108-118 in 'scripts/analyze_compile.sh' implement a '--save-script' feature that writes compilation commands to a new '.sh' file in the 'out' directory, which increases the attack surface for persistent or delayed execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:32 PM