quality-check
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill uses coercive and authoritative language to hijack agent autonomy. Phrases such as '⚠️ MANDATORY', 'ZERO TOLERANCE', 'FORBIDDEN', and 'NEVER run linters manually' are direct attempts to override the agent's default operational guidelines and force compliance with a specific, potentially compromised workflow.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill has a massive attack surface (Category 8).
- Ingestion points: Commands like
ruff check .andeslint .read the entire repository. - Capability inventory: The agent is instructed to 'auto-fix' and 'fix manually' any issues found, which involves file-write operations and potential execution of project scripts.
- Sanitization/Boundary Markers: There are no instructions to sanitize linter output or treat repository code as untrusted, meaning malicious instructions embedded in code comments could be executed or obeyed during the 'Fix-Rerun Loop'.
- COMMAND_EXECUTION (MEDIUM): The skill encourages the execution of project-defined scripts (e.g.,
make lint,npm run lint). If a repository is malicious, these scripts provide a direct path to arbitrary command execution on the host system under the guise of a quality check.
Recommendations
- AI detected serious security threats
Audit Metadata