skills/seabbs/claude-code-config/lint/Gen Agent Trust Hub

lint

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It processes untrusted external data (project files and pull request content) and has high-privilege capabilities including command execution (Phase 3: 'run tests') and repository modification (Phase 4: 'Create commit'). An attacker could embed malicious instructions within the codebase that the agent might obey while processing the files.
      * Evidence: Ingestion points in Phase 2; Boundary markers are absent; Capability inventory includes file-write (auto-formatting), git operations, and subprocess execution (tests).
  • [COMMAND_EXECUTION] (MEDIUM): The skill identifies and runs tools based on 'detected languages'. This dynamic execution of local binaries and test suites is a standard requirement for linting but creates a vector for code execution if an attacker can influence the environment or provide malicious test scripts.
      * Evidence: Phases 2 and 3.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:57 PM