markdown
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill recommends installing 'markdownlint-cli2' globally via npm. This is a standard developer tool, but because the source and package are not within the explicitly defined trusted list, it is noted as a low-risk external dependency finding.
- [Command Execution] (LOW): The skill includes instructions to execute the 'markdownlint-cli2' command on local files, including recursive glob patterns and a '--fix' flag. These commands are standard for the tool's purpose and do not exhibit malicious intent.
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for processing external data (markdown files). While these files could contain malicious instructions, 'markdownlint-cli2' is a static analysis tool that does not interpret or execute the content of the files, so the risk that injected instructions are obeyed is low.