biome-lint-format
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructions direct users to install content from an untrusted GitHub repository (ItalyPaleAle/skills). This source is not included in the predefined list of trusted organizations or repositories.
- [COMMAND_EXECUTION] (LOW): The skill is designed to execute system commands, including package installation (pnpm install, npx skills add) and file system modifications (writing biome.json, updating package.json). These are consistent with its stated purpose but represent a significant capability set.
- [PROMPT_INJECTION] (MEDIUM): This skill exhibits a HIGH-tier Indirect Prompt Injection surface. It is designed to ingest and process untrusted external data (project source code in JS, TS, JSON, and CSS formats) while possessing the capability to modify the filesystem and install packages.
  - Ingestion points: project source files (JS, TS, JSX, TSX, JSON, CSS).
  - Boundary markers: no explicit delimiters or "ignore instructions" warnings are mentioned in the provided documentation.
  - Capability inventory: devDependency installation, writing biome.json, modifying package.json scripts, and updating VS Code workspace settings.
  - Sanitization: no sanitization or validation of the ingested code content is documented.
Audit Metadata