lint-build-fixer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill identifies and executes scripts directly from the package.json file (e.g., build, type-check, lint). Because it blindly trusts the contents of this configuration file, a malicious repository could execute arbitrary shell commands on the host system by defining them within these script tags.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Reads package.json, project source files, and ESLint diagnostic output.
  - Boundary markers: Absent. The workflow does not include instructions to ignore or delimit embedded natural language instructions within the code.
  - Capability inventory: Executes shell commands (npm, python3), performs file modifications, and executes git commit operations.
  - Sanitization: Absent. The skill does not filter or sanitize the content of the files it processes before making decisions or executing fixes.
  - Risk: An attacker could place malicious instructions in code comments or strings that trick the agent into exfiltrating sensitive environment variables or introducing backdoors during the 'fixing' process.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill references a local Python script scripts/sort_eslint_by_rule.py which is not provided in the skill package. If an attacker can place a file at this path, the agent will execute it using python3.
Recommendations
- AI detected serious security threats
Audit Metadata