markdownlint

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill modifies file permissions to enable git hooks.
      • Evidence: The script in references/setup.md uses chmod +x .husky/pre-commit to ensure the linting hook is executable.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and installs external packages and uses public CI/CD actions.
      • Evidence: pnpm add -D markdownlint markdownlint-cli in SKILL.md and references/setup.md installs dependencies from the npm registry.
      • Evidence: references/integration.md includes GitHub Actions and GitLab CI configurations that download official actions and tools (actions/checkout, pnpm/action-setup, actions/setup-node).
  • [PROMPT_INJECTION]: The skill introduces an indirect prompt injection surface by modifying persistent project instructions.
      • Ingestion points: AGENTS.md (created or modified in references/setup.md).
      • Boundary markers: Absent in the generated AGENTS.md content; instructions are appended as plain markdown.
      • Capability inventory: The skill utilizes shell command execution via pnpm and markdownlint as documented in SKILL.md and references/setup.md.
      • Sanitization: Absent; content is written directly to the file as static strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:03 PM