Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/code-formatter/Gen Agent Trust Hub

code-formatter

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash(cmd:*) to execute system commands for code formatting and analysis, including prettier, eslint, and find.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of well-known Node.js packages such as prettier, husky, and lint-staged via npm or npx to support its formatting workflows.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted code files and has the authority to modify files and execute bash commands.
  • Ingestion points: File content is accessed via Read, Grep, and Glob tools.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate processed code from the agent's logic.
  • Capability inventory: The skill has access to Bash, Write, and Edit tools which could be exploited if malicious instructions are found in code comments.
  • Sanitization: No sanitization or validation of the file content is performed prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 12:10 AM