coding-standards
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill uses `WebFetch` to ingest content from external URLs (e.g., `llvm.org`, `rust-lang.github.io`, `eslint-config.antfu.me`) which are not within the defined trusted scope. This content is used to guide the agent's code modifications and reviews. Since the skill also has capabilities to execute local scripts and modify the filesystem, a malicious update to these remote guides could lead to unauthorized system changes.
  - Ingestion points: `SKILL.md` (Step 2 fetches external guide content).
  - Boundary markers: Absent.
  - Capability inventory: `scripts/setup-commitlint.sh` can install packages, write files, and change permissions.
  - Sanitization: Absent.
- Persistence Mechanisms (HIGH): The `scripts/setup-commitlint.sh` script creates a `.git/hooks/commit-msg` file. Git hooks are a form of persistence that automatically execute specified commands (in this case, `npx --no -- commitlint`) whenever git operations occur.
- External Downloads (MEDIUM): The script `scripts/setup-commitlint.sh` performs automated installation of external Node.js packages (`@commitlint/cli`, `@commitlint/config-conventional`) via the local package manager. These dependencies are not pinned or verified by the skill.
- Command Execution (MEDIUM): The skill script `scripts/setup-commitlint.sh` executes several shell commands to modify the repository environment, including `chmod +x` to change file permissions for the created git hook.
Recommendations
- AI detected serious security threats