biome
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): Documentation in
references/docs/guides/manual-installation.mdinstructs users to download binaries directly from GitHub releases and execute them (curl ... -o biome && chmod +x biome). While the source is a reputable project, executing unverified binaries bypasses standard package integrity checks. - PRIVILEGE ESCALATION (MEDIUM): The script
scripts/scrape_biome_docs.pysuggests using the--break-system-packagesflag withpip, which allows overriding OS-level protections against global package installation. Additionally, installation guides recommend usingchmod +xon downloaded binaries, granting them execution rights. - COMMAND_EXECUTION (LOW): The skill relies on executing various CLI commands through package managers (
npx,pnpm,yarn,bun) and system utilities (jq,curl). This is consistent with the skill's purpose but requires shell access. - PROMPT_INJECTION (LOW): An indirect prompt injection surface exists as the skill provides a script to scrape external documentation from
biomejs.devfor storage in the agent's reference library. - Ingestion points:
scripts/scrape_biome_docs.pyfetches data frombiomejs.dev. - Boundary markers: Absent; scraped content is saved as raw markdown files without explicit delimiters or warnings to the agent.
- Capability inventory: Extensive shell command execution capabilities provided by the skill's primary workflows.
- Sanitization: The scraping script cleans formatting but does not filter for potential malicious instructions embedded in the documentation.
Audit Metadata