Skills
skills/j5ik2o/okite-ai/custom-linter-creator/Gen Agent Trust Hub

custom-linter-creator

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of several system-level commands to build and run linters. This includes cargo dylint --all for Rust, npx eslint . for TypeScript, pylint for Python, and go build followed by binary execution for Go.
  • [REMOTE_CODE_EXECUTION]: The core workflow involves generating source code (e.g., .rs, .js, .py, .go files) that implements linting logic and then executing that code. For Rust and Go, the skill compiles this agent-generated code into libraries or binaries which are dynamically loaded and executed by the linter framework.
  • [PROMPT_INJECTION]: The skill is specifically designed to output "AI-friendly" error messages that function as instructions for the agent to modify the codebase. This creates an indirect prompt injection vector where malicious or poorly defined rules could trick the agent into performing harmful code modifications during the automated fix process.
  • [EXTERNAL_DOWNLOADS]: To function, the skill guides the agent to add and download dependencies from public registries. These include dylint_linting and clippy_utils from crates.io, eslint from npm, and pylint from PyPI. These are well-known tools within their respective ecosystems.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 04:52 PM