enforcing-code-linting
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes multiple shell commands (npx, npm, git) to perform linting and apply fixes. There is no validation or sanitization of the file paths or contents passed to these commands, allowing for potential exploitation via malicious filenames or environment manipulation.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted data (project source code) and possesses 'write' and 'execute' capabilities (via --fix and npx). This satisfies the HIGH severity tier for Category 8.
  - Ingestion points: Project files identified via git diff (JS, TS, CSS, etc.) are read and processed by the agent and the tools.
  - Boundary markers: Absent. The skill provides no delimiters or instructions to the agent to ignore embedded instructions within the code being linted, making it susceptible to malicious comments that could override agent behavior.
  - Capability inventory: Execution of npx, npm, and git; modification of files via linting 'fix' flags; installation of packages.
  - Sanitization: Absent. No validation or escaping is performed on the files or their content before processing.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on npx and npm install, which download packages from the npm registry. While the listed tools are common, this mechanism can be exploited for dependency confusion or to execute malicious code if package names are manipulated or if a user is tricked into installing a malicious linter plugin.
Recommendations
- AI detected serious security threats
Audit Metadata