fix-eslint
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes file paths and linting error messages from the local filesystem and interpolates them directly into prompts for sub-agents via the
Tasktool.\n - Ingestion points:
analyze_errors.shextracts file paths frompnpm lintoutput, which are then passed to sub-agents via theTasktool prompt.\n - Boundary markers: The prompts generated for sub-agents in Step 4.2 lack explicit delimiters or instructions to ignore embedded instructions within the file list or error descriptions.\n
- Capability inventory: The skill and its sub-agents have significant capabilities, including code modification (
Edit), shell execution (Bash), and agent orchestration (Task).\n - Sanitization: No sanitization or escaping is performed on the extracted filenames or error messages before they are interpolated into the natural language prompts for the
Tasktool.\n- [Command Execution] (LOW): Theanalyze_errors.shscript usesxargswithout the-0flag (null delimiter), making it sensitive to filenames containing spaces or shell metacharacters.\n - Evidence: The command
echo "$FILES_WITH_ERRORS" | xargs -n1 dirnamewill incorrectly split filenames containing spaces, leading to potential script failure or the processing of unintended directory paths if a project contains maliciously named files.
Audit Metadata