plankton-code-quality
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires downloading its core logic and configuration from an external GitHub repository (github.com/alexfazio/plankton.git) which is not verified.
- [COMMAND_EXECUTION]: The skill configures PreToolUse and PostToolUse hooks that automatically trigger shell scripts and spawn nested AI agent subprocesses (claude -p) with file-write capabilities on every file modification.
- [PROMPT_INJECTION]: The architecture creates a surface for indirect prompt injection by processing untrusted code snippets from edited files and passing them to an automated repair subprocess. * Ingestion points: File edits and linter violations processed by multi_linter.sh. * Boundary markers: None identified for the violation JSON content fed to the subprocess. * Capability inventory: Includes file-write access and execution of various linting/formatting binaries. * Sanitization: No sanitization of code content or linter messages before passing to the LLM subprocess.
Audit Metadata