lint-and-validate

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/lint_runner.py script executes standard development tools such as npm, npx, ruff, and mypy to perform project validation. These commands are invoked safely using subprocess.run with list arguments.
  • [DATA_EXPOSURE]: The skill accesses project configuration files like package.json and pyproject.toml and source code files to detect project types and analyze type coverage. This access is necessary for the skill's primary function.
  • [PROMPT_INJECTION_INDIRECT]: The skill's behavior can be influenced by project configuration files it reads. For example, a malicious package.json could define a 'lint' script that executes unintended commands.
      1. Ingestion points: scripts/lint_runner.py reads package.json and scripts/type_coverage.py reads source code.
      2. Boundary markers: Absent.
      3. Capability inventory: scripts/lint_runner.py executes shell commands via subprocess.run.
      4. Sanitization: No sanitization of configuration data before execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:14 AM