oxlint
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to execute shell commands such as `npx oxlint`, `npm run lint`, and `npx @oxlint/migrate`. These operations are standard for development environments and essential for the skill's primary purpose of code linting and maintenance.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` and `npm install` to download and run the `oxlint` package and its plugins from the official npm registry. These are legitimate downloads from a well-known service required for the linter to function.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes configuration and source files from the local project (Category 8).
  - Ingestion points: Reads local files including `package.json`, `.oxlintrc.json`, and source code files (`.ts`, `.js`, etc.) to perform detection and linting.
  - Boundary markers: No specific delimiters or instructions to ignore embedded instructions within the project files are provided.
  - Capability inventory: The skill possesses the ability to execute subprocesses via the command line for linting and migration tasks.
  - Sanitization: No explicit sanitization or validation of the contents of the project files is implemented before they are processed by the linter.
Audit Metadata