eslint-detector
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. Ingestion points: CLAUDE.md, package.json, and Makefile in the target repository. Boundary markers: Absent; the instructions do not specify delimiters or instructions to ignore embedded commands within the ingested files. Capability inventory: The skill identifies and extracts strings to be used in shell commands (npx, npm run, make) by the quality-gates-linter agent. Sanitization: Absent; the skill extracts the 'exact commands' mentioned in the files without validation or filtering for malicious shell operators.
Audit Metadata