eslint-fix
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes npx eslint and a local bash script to perform code analysis. The execution is restricted by the skill's tool definition to specific linting commands.
- [EXTERNAL_DOWNLOADS]: The use of npx may trigger the download of the eslint package from the official npm registry. As a well-known service and the intended tool for the task, this is documented neutrally as a safe operation.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the agent reads and processes untrusted project files.
  1. Ingestion point: Source code files read during the linting process.
  2. Boundary markers: No specific markers are used to delimit code from instructions.
  3. Capability inventory: The agent has Bash execution and File Write permissions.
  4. Sanitization: Content is not sanitized before analysis.