fix-clippy
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill creates an indirect prompt injection surface. Ingestion points: the agent processes output from 'cargo clippy', which contains data derived from the project's source code. Boundary markers: no delimiters or specific instructions are present to distinguish this untrusted data from the agent's core instruction context. Capability inventory: the agent is empowered to modify project files ('fix manually') and execute commands ('make fix'). Sanitization: no sanitization of the tool output is performed before the agent acts on it.
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run 'make fix' and 'cargo clippy'. Running 'make' on an untrusted project is inherently risky, as the 'Makefile' can contain arbitrary malicious shell commands.
Recommendations
- AI detected serious security threats