ln-741-linter-configurator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it reads existing project configuration files to determine its setup logic.
- Ingestion points: Phase 1 instructions direct the agent to read files such as pyproject.toml, eslint.config.*, and .prettierrc.
- Boundary markers: The skill does not provide delimiters or instructions to ignore embedded commands within these files.
- Capability inventory: The skill performs file system modifications, package installations (npm, pip, uv), and shell script execution.
- Sanitization: No sanitization or validation of the content of the ingested configuration files is performed before processing.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of numerous third-party packages for Python and Node.js.
- Evidence: Phase 3 and Phase 6 specify the installation of tools like eslint, ruff, and mypy from official registries.
- Risk Factor: Rule 7 explicitly forbids pinning dependency versions, which is a security anti-pattern that increases the risk of supply chain attacks by always fetching the latest, potentially unvetted package versions.
- [COMMAND_EXECUTION]: The skill generates and executes shell scripts.
- Evidence: Phase 4 generates scripts/lint.sh and uses chmod +x to make it executable.
- Evidence: The generated lint.sh script utilizes the eval command to execute dynamically constructed linter tool commands.
Audit Metadata