markdown-guidelines
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Unverifiable Dependencies (HIGH): The script `validate-markdown.sh` utilizes `npx -y markdownlint-cli2`. This command fetches and executes the package from the npm registry at runtime without version pinning or integrity verification, which is a potential remote code execution vector if the package or registry is compromised.
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process external data (markdown files) and has the capability to modify those files.
  - Ingestion points: File content from the `<filename>` argument is read and processed by the linter.
  - Boundary markers: Absent. There are no instructions or delimiters to prevent the agent from being influenced by instructions embedded within the markdown files being linted.
  - Capability inventory: The skill executes shell commands and writes to the filesystem using the `--fix` flag.
  - Sanitization: None. The content is processed as raw text by the linter tool.
- Command Execution (MEDIUM): The skill executes a bash script that triggers `npx`. While the script path is relative to the skill directory, it allows for arbitrary file path arguments.
Recommendations
- AI detected serious security threats