markdownlint
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection. It processes untrusted data from user-controlled Markdown files and possesses the capability to modify the filesystem when the
--fixargument is used. Evidence Chain: 1. Ingestion points: Reads.mdand.qmdfiles from the workspace as defined in the usage examples. 2. Boundary markers: Absent; there are no instructions provided to the agent to treat file contents as untrusted data or to ignore embedded instructions. 3. Capability inventory: Executes themarkdownlint-cli2command and can perform file-system writes via the--fixflag. 4. Sanitization: None; external file content is passed directly to the tool's logic. - [COMMAND_EXECUTION] (LOW): The skill relies on executing shell commands to perform its core functions. While this is the intended behavior for a linter, it serves as the mechanism for potential side effects if the agent is manipulated by malicious content within the files being processed.
- [EXTERNAL_DOWNLOADS] (LOW): Recommends the installation of
markdownlint-cli2vianpmorbrew. Per the [TRUST-SCOPE-RULE], these are considered trusted package managers/registries, resulting in a Low severity for the download recommendation itself.
Recommendations
- AI detected serious security threats
Audit Metadata