code-formatter
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted external data (source code) and has the capability to write to the local filesystem, creating a significant attack surface.
  * Ingestion points: Source code files read via the Read tool (SKILL.md).
  * Boundary markers: Absent; there are no instructions to ignore embedded commands or use delimiters.
  * Capability inventory: The Write tool allows the agent to modify the filesystem (SKILL.md).
  * Sanitization: Absent; no logic is provided to filter or escape instructions found within code comments.
- Command Execution (MEDIUM): The skill is designed to run external CLI tools such as Prettier and ESLint. Malicious configuration files (e.g., .eslintrc.js) in a target directory could lead to arbitrary code execution if the agent environment executes these tools without strict sandboxing.
Recommendations
- AI detected serious security threats
Audit Metadata