batch-lint-cleanup

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including nx, yarn, and git. The user-provided <rule-name> is directly interpolated into the command nx run-many -t lint:eslint -- --rule "<rule-name>: error" --fix. This presents a risk of command injection if the input contains shell metacharacters like ;, |, or &.
  • [COMMAND_EXECUTION]: The skill performs repository-wide staging and commits using git add -A and git commit. This allows the agent to commit any changes in the working directory, which could lead to accidental or malicious inclusion of unrelated code changes if the environment is not properly controlled.
  • [PROMPT_INJECTION]: The skill processes untrusted linting output from the codebase to generate reports and actionable recommendations, creating a surface for indirect prompt injection.
  • Ingestion points: Lint violations are extracted from /tmp/eslint-output.txt, which is generated from processing source code files.
  • Boundary markers: Absent; there are no delimiters used when the agent reads or displays the content of the lint output file to prevent instructions in code comments from being interpreted as agent commands.
  • Capability inventory: The skill can execute arbitrary linting/build tasks via nx and modify the git history via git commit.
  • Sanitization: No validation or escaping is applied to the user-provided rule name or the content read from the lint report before it is used in subsequent shell commands.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 12:44 PM