sast-eslint-security

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill requires installing eslint and eslint-plugin-security via npm. These are reputable and widely-used packages in the JavaScript ecosystem.
  • COMMAND_EXECUTION (LOW): The skill executes npx eslint to perform its primary function. This command runs locally and does not attempt to escalate privileges.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it ingests and processes content from untrusted source code and its analysis results. Evidence Chain:
      1. Ingestion points: Source files in <target-path> and the output file eslint-security-results.json.
      2. Boundary markers: Absent in the prompt instructions.
      3. Capability inventory: Execution of shell commands via npx.
      4. Sanitization: No explicit sanitization or filtering of the tool's output is performed before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:38 PM