makefile-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The 'install' target template creates persistent symlinks in '~/bin' and suggests modifying shell profiles to source scripts. Evidence: 'install' target uses 'ln -s "$(SOURCE_PATH)" "$(INSTALL_PATH)"'.
- Dynamic Execution (LOW): The Makefile template includes a 'test' target that executes './test.sh', which can result in code execution when testing untrusted repositories. Evidence: 'test: ## Run tests' executes './test.sh'.
- Indirect Prompt Injection (LOW): The 'Audit Mode' ingests external Makefile content to generate reports. Evidence: 1. Ingestion Point: Makefile targets and comments. 2. Boundary Markers: None. 3. Capability: Generation of audit reports. 4. Sanitization: None.