linemark
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection. The instructions in
SKILL.mddirect the agent to 'Address each comment' returned by the tool's output. Because these comments are entered by the user in a web UI and processed as instructions, they could be used to steer the agent towards unauthorized actions.\n - Ingestion points: Review comments returned by the
linemarkserver via stdout after the user completes the review in the browser.\n - Boundary markers: Absent; the agent is not instructed to treat the feedback as untrusted data or to ignore embedded instructions.\n
- Capability inventory: The agent is given file-write and development capabilities to resolve the issues raised in the comments.\n
- Sanitization: No sanitization is performed on the feedback text before it is presented to the agent.\n- [EXTERNAL_DOWNLOADS]: The skill's instructions in
SKILL.mdexecute the review tool directly from GitHub usingnpx github:gdaybrice/linemark. This results in the download and execution of the author's code at runtime as the intended delivery mechanism.\n- [COMMAND_EXECUTION]: Theserver.mjsscript executes multiple git commands usingexecSyncandexecFileSyncto retrieve repository data (diffs, logs, etc.). It also executes a system command to open the user's default web browser.
Audit Metadata