shellcheck-configuration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the official ShellCheck repository on GitHub (`koalaman/shellcheck`) and standard system package managers (`apt-get`, `brew`). While the organization `koalaman` is not on the explicit trusted whitelist, ShellCheck is a well-known, industry-standard tool for shell script linting.
- [COMMAND_EXECUTION] (SAFE): Examples provided include standard shell commands for installation, configuration, and linting. No unauthorized or suspicious command execution patterns were found.
- [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent safety protocols, extract system prompts, or bypass content guidelines were detected.
- [DATA_EXFILTRATION] (SAFE): No evidence of hardcoded credentials (API keys, tokens) or unauthorized network requests to non-whitelisted domains. References to shell configuration files (e.g., `.bashrc`) are within the legitimate context of configuring the tool.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill possesses an attack surface as it is designed to analyze external shell scripts. However, the risk is negligible as it utilizes static analysis rather than execution.
  - Ingestion points: Processes shell scripts (`*.sh`) via filesystem search.
  - Boundary markers: None explicitly defined in the provided markdown instructions.
  - Capability inventory: Invokes the `shellcheck` binary via subprocess calls for linting.
  - Sanitization: Relies on the static analysis tool's internal parser to handle script content safely.
Audit Metadata