code-standards
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The SKILL.md file contains commands using `bun x ultracite`. This executes a package from a public registry that is not included in the trusted organizations or repositories list. This represents an unverified dependency risk, as the package is downloaded and executed at runtime.
- [COMMAND_EXECUTION] (MEDIUM): The skill invokes system commands (`bun x ultracite fix`, `check`, and `doctor`) to perform its primary tasks. These commands execute code from the downloaded package on the host system.
- [PROMPT_INJECTION] (LOW): The skill acts as a code reviewer, which is a surface for indirect prompt injection. Malicious instructions hidden in user-provided code (the untrusted data) could attempt to influence the agent's behavior during analysis.
- Ingestion points: Code files reviewed for standards (referenced in SKILL.md).
- Boundary markers: Absent; no delimiters or ignore-instructions markers found in the rule files.
- Capability inventory: Subprocess execution via `bun x` (SKILL.md).
- Sanitization: None detected in the provided rule set.
Audit Metadata