link-validator
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local Python script ('scripts/validate_links.py') via 'uv run'. This is a standard operation for the skill's purpose of validating file paths.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted markdown files from user-defined paths. * Ingestion points: Markdown files (.md) in user-provided directories. * Boundary markers: No specific delimiters are used to isolate the untrusted markdown content. * Capability inventory: Uses 'Bash' and 'Edit' tools to process and fix files. * Sanitization: No explicit sanitization of the markdown content is described.
Audit Metadata