code-formatter-installer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the agent to install several packages via npm and pip and references external GitHub repositories for pre-commit hooks (psf/black, pycqa/isort, astral-sh/ruff-pre-commit). As these sources do not fall under the defined 'Trusted External Sources' whitelist, they are treated as unverifiable dependencies.
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell commands like 'npx husky init' and 'pre-commit install'. These commands modify the local environment and establish persistent Git hooks that execute code automatically during the git commit process.
- PROMPT_INJECTION (LOW): The skill processes local project files (e.g., package.json) to 'detect the stack'. This is a surface for indirect prompt injection where malicious content in those files could influence the agent's tool selection or configuration logic. Evidence: 1. Ingestion points: project files like package.json and directory structure. 2. Boundary markers: Absent. 3. Capability inventory: file-write, npm/pip installation, shell execution. 4. Sanitization: Absent.
Audit Metadata