lint-and-validate
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development and security tools (npm, npx, ruff, bandit, mypy) through subprocesses to perform code analysis and security auditing.
- [PROMPT_INJECTION]: The skill exposes an indirect injection surface because it executes commands defined in the project's configuration files (e.g., package.json), which is standard behavior for development tools. Ingestion points: package.json (scripts/lint_runner.py); Boundary markers: Absent; Capability inventory: subprocess execution (scripts/lint_runner.py); Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to run linters and type checkers, which may fetch tools from the official npm registry as needed.