code-quality-auditor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to run 'pnpm lint', 'pnpm typecheck', and 'pnpm lint:css'. These commands execute scripts defined in the local 'package.json' file. If an agent runs them in an untrusted repository, the result is arbitrary command execution through build lifecycle hooks.
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external code without safety boundaries.
  - Ingestion points: Source code files and configuration files (package.json, eslintrc) provided for auditing.
  - Boundary markers: Absent; there are no instructions to treat the inputs as untrusted data or use a sandbox.
  - Capability inventory: Local shell execution via the pnpm package manager.
  - Sanitization: Absent; the skill directly invokes tools that parse and execute logic based on the input files.
- [Metadata Poisoning] (MEDIUM): The author is listed as 'GitHub Copilot', which is a product name and may be used to mislead users into believing the skill is an official, pre-verified tool from GitHub.
Recommendations
- AI detected serious security threats
Audit Metadata