lint-markdown
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill provides a workflow where the agent must read file content to perform manual fixes for linting errors. This creates a significant attack surface where malicious content within the Markdown file could override agent instructions.
- Ingestion points: Local Markdown file content read during Step 3.
- Boundary markers: Absent; there are no instructions to the agent to treat file content as untrusted data or use delimiters.
- Capability inventory: The agent has the ability to execute shell commands (markdownlint-cli2) and modify the filesystem (via the Edit tool mentioned in the workflow).
- Sanitization: Absent; the content is handled as raw text for manual correction.
- [Command Execution] (LOW): The skill executes the
markdownlint-cli2command. While file paths are quoted to prevent basic shell injection, the capability allows the agent to interact with the filesystem based on input parameters.
Recommendations
- AI detected serious security threats
Audit Metadata