prettier
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill identifies shell commands from within the repository's files (scripts in package.json, targets in Makefile, or arbitrary text in CLAUDE.md) and executes them directly.\n- Indirect Prompt Injection (HIGH): The skill processes untrusted external data (repository contents) and uses it to determine its next action (command execution).\n
- Ingestion points: package.json, CLAUDE.md, Makefile (SKILL.md Step 2).\n
- Boundary markers: None. The skill implicitly trusts content found in these files as valid commands.\n
- Capability inventory: Execution of arbitrary bash commands (SKILL.md Step 3).\n
- Sanitization: None. There is no verification that the command is limited to 'prettier' or contains malicious flags/redirection.\n- REMOTE_CODE_EXECUTION (HIGH): By allowing the repository's state to define executable commands, the skill enables an attacker to achieve code execution if they can influence the codebase (e.g., via a Pull Request).
Recommendations
- AI detected serious security threats
Audit Metadata