markdown-validation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The script
validate-markdown.shutilizesnpx -y markdownlint-cli2, which fetches the linter package from the official npm registry. This is a standard practice for utilizing CLI tools in Node.js environments. - COMMAND_EXECUTION (SAFE): The skill invokes a local bash script to perform the validation. The script safely passes the filename argument to the linter tool.
- INDIRECT PROMPT INJECTION (LOW): The skill is designed to process user-provided markdown files, which presents a surface for indirect prompt injection if the files contain malicious instructions meant to subvert the agent's behavior during the 'fix errors' step.
- Ingestion points: SKILL.md (Step 1: 'Read the markdown file').
- Boundary markers: Absent.
- Capability inventory: validate-markdown.sh executes an external linter on the file content.
- Sanitization: Absent.
Audit Metadata