oxfmt-oxlint

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): The skill is primarily composed of static documentation files. No evidence of obfuscation, hardcoded credentials, or suspicious network operations was found.
  • Indirect Prompt Injection (LOW): The skill processes a large volume of external text from the docs/ directory. While the current content is benign, the absence of clear boundary markers or instructions to ignore embedded commands represents a potential (though low-risk) attack surface.
      (1) Ingestion points: Markdown files in the docs/ directory.
      (2) Boundary markers: Absent in the SKILL.md instructions.
      (3) Capability inventory: Subprocess execution via the scripts/search_docs.py helper.
      (4) Sanitization: Absent.
  • Command Execution (SAFE): The skill defines a search tool that executes a local Python script (scripts/search_docs.py). This utility is used for full-text indexing of the provided documentation and is a standard component for this type of skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:06 PM