sc-pr-check
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local CLI tools such as linters, formatters, and test runners (e.g., ruff, flake8, eslint, pytest, jest) via the bash shell.
- [COMMAND_EXECUTION]: It implements an interactive remediation flow that executes shell commands to apply automatic fixes, such as
ruff check . --fix. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It processes untrusted data from local project files (e.g., package.json, pyproject.toml) and the stdout/stderr of executed tools. Evidence chain: (1) Ingestion points: Manifest files and tool output logs. (2) Boundary markers: Absent; no markers or instructions provided to the LLM to ignore embedded commands in the data. (3) Capability inventory: Access to bash for command execution and edit for file writing. (4) Sanitization: Absent; no validation or filtering is performed on ingested data before it influences agent decisions.
- [COMMAND_EXECUTION]: The skill may execute malicious code if a local project's configuration (e.g., an npm 'test' script) is intentionally compromised to perform unauthorized actions.
Audit Metadata