code-linting
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands found within the repository (e.g.,
npm run lint,make lint,ruff check) to perform code validation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it actively seeks out and follows instructions from untrusted local files to determine its execution logic.
- Ingestion points: Discovery of linter commands from
CLAUDE.md,.cursorrules,.ai-rules,AGENTS.md,AGENT.md,GEMINI.md,README.md,package.json,Makefile, andpyproject.toml. - Boundary markers: None present; the agent is instructed to directly adopt commands found in these files.
- Capability inventory: The agent can execute arbitrary shell commands as part of the linting process.
- Sanitization: No sanitization or validation of the discovered commands is performed before execution.
Audit Metadata