skills/sirn/dotfiles/code-lint/Gen Agent Trust Hub

code-lint

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill identifies and executes shell commands derived from local configuration files (Makefile, justfile, Taskfile.yml, package.json) and scripts located in bin/ or .my/bin/ directories. This allows for the execution of arbitrary code defined within the local project environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from various documentation and configuration files to determine its execution logic.
      • Ingestion points: Reads instructions from README.md, CONTRIBUTING.md, CLAUDE.md, AGENTS.md, GEMINI.md, CODEX.md, and project configuration files.
      • Boundary markers: No delimiters or specific instructions are used to distinguish between system instructions and content from the processed files.
      • Capability inventory: The agent has the capability to run shell commands and execute local scripts.
      • Sanitization: There is no evidence of sanitization or validation of the commands extracted from the project files before they are executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 03:07 AM