Skills
skills/gsd-build/gsd-2/lint/Gen Agent Trust Hub

lint

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple command-line tools including git, npx, cargo, go, ruff, and black. These tools are used to identify changed files, check for linting errors, and apply code formatting.
  • [EXTERNAL_DOWNLOADS]: Employs npx for executing JavaScript tools such as ESLint and Biome. By default, npx may fetch and execute packages from the npm registry if they are not present in the local environment.
  • [PROMPT_INJECTION]: The skill processes external data from project source files and the output of various linting tools. This content is interpolated into markdown reports, which presents a surface for indirect prompt injection if an attacker controls the source code or tool configuration to produce malicious output.
  • Ingestion points: Project source files (via git diff) and stdout/stderr from linters/formatters.
  • Boundary markers: The skill does not explicitly define markers to isolate tool output from the agent's instructions.
  • Capability inventory: Execution of subprocesses via npx, cargo, go, etc., and file-system read operations.
  • Sanitization: No explicit sanitization or escaping of external tool output is defined before display.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 11:48 AM