lint-audit
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill runs several development tools like
tsc,eslint,ruff, andmypyusing shell commands. This is intended behavior for a linting audit tool but involves executing potentially untrusted binaries if the project environment is compromised. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: Processes commit messages via
git logand source code content viafindandcatfor SLOC calculation. - Boundary markers: No explicit delimiters or instructions are used to separate ingested content from the agent's logic.
- Capability inventory: Extensive local command execution capabilities (
npx,git,bash,find). - Sanitization: No sanitization is performed on the data read from the repository before it is processed by the agent.
- [DATA_EXFILTRATION] (SAFE): While the skill accesses project files and history, there are no network operations or indicators of data being sent to external domains.
Audit Metadata