lint
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Category 4] (SAFE): The skill utilizes
shellcheckandactionlint. These are standard, well-known linting utilities. There are no patterns suggesting the installation of untrusted packages or the execution of remote scripts. - [Category 2] (SAFE): The skill's scope is limited to reading filenames via
git diffand reading file content for linting. No sensitive directories (e.g.,~/.ssh,~/.aws) are accessed, and there is no network code present to exfiltrate data. - [Category 5] (SAFE): All commands are executed with standard user privileges. No use of
sudo,chmod, or other privilege-altering commands was detected. - [Category 8] (LOW): The skill ingests untrusted data in the form of filenames from the local git repository. While filenames could theoretically be crafted to impact shell expansion, the use of
[[ -f "$script" ]]and quoting within the loops provides standard protection against basic filename-based injection.
Audit Metadata