shellcheck-configuration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill provides instructions to clone from 'https://github.com/koalaman/shellcheck.git' and run 'make build'. Because the repository is not owned by an organization on the explicit trusted list, this download-and-execute pattern is flagged as medium severity.
- Privilege Escalation (MEDIUM): The skill contains instructions to use 'sudo apt-get' and 'make install', which involve acquiring elevated permissions to install software and build binaries.
- Indirect Prompt Injection (SAFE): 1. Ingestion points: The skill describes scripts that find local '.sh' files (find . -name '*.sh'). 2. Boundary markers: None. 3. Capability inventory: Executes static analysis via the 'shellcheck' binary. 4. Sanitization: None. This is marked as SAFE because the capability is limited to read-only static analysis and does not involve executing the contents of the analyzed files.
Audit Metadata