plan-fix-linter-error

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill performs shell command construction using unvalidated user input.
      Evidence: In Step 2 (Verification), the command
          bun run lint 2>&1 | grep -E "($ARGUMENTS)" | wc -l
      directly interpolates $ARGUMENTS.
      Risk: An attacker providing input like rule-name); malicious_command; # could achieve arbitrary code execution on the host system.
  • [PROMPT_INJECTION] (MEDIUM): The skill lacks input validation or sanitization for the $ARGUMENTS variable, making it susceptible to indirect prompt injection where data processed (the rules) can manipulate the agent's shell execution.
      Ingestion points: $ARGUMENTS variable.
      Boundary markers: Absent.
      Capability inventory: Bash execution.
      Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:57 PM