discover-ir
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Metadata Poisoning (MEDIUM): The skill's name and description claim it is for 'LLVM IR' (Intermediate Representation) and 'compiler optimization'. However, the skills it provides (e.g., ir-vector-search, ir-ranking-reranking) are actually for Information Retrieval. This is a deliberate mismatch designed to trigger the skill in an unrelated context.
- Indirect Prompt Injection / Context Steering (MEDIUM): By triggering on low-level compiler keywords (SSA, LLVM IR), the skill steers the agent to load documentation for search algorithms. This can pollute the agent's context and lead to incorrect or irrelevant suggestions during specialized coding tasks.
- Unverifiable File Access (LOW): The skill instructs the agent to read files from <cc-polymath-root>/skills/ir/, a path that is not standard and relies on an assumed environment variable or local directory structure, making the behavior unverifiable without the full environment.