dj-lint

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run uv run commands for linting, formatting, and type-checking the codebase.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the pyrefly package, which is not a standard or well-known industry tool. Executing this via uv run involves downloading and running code from an external registry.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and acts upon untrusted data (the project source code) and has the capability to write changes back to the filesystem.
      • Ingestion points: Reads all files within the src directory during the linting and type-checking process.
      • Boundary markers: None. The instructions do not provide delimiters or instructions to ignore potential commands embedded in the code being analyzed.
      • Capability inventory: Includes the Edit tool for modifying source files and the Bash tool for executing commands.
      • Sanitization: The skill lacks mechanisms to sanitize or validate the content of the source code before it influences the agent's actions or modifications.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 01:58 PM