lint-and-validate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill requests the 'Bash' tool to execute procedures like 'npm run lint' and 'ruff check'. Because 'npm' scripts are defined within the project being audited, a malicious project could define a 'lint' script that executes harmful commands on the host system.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on 'npx' for ESLint and TypeScript validation. This results in the automatic download and execution of packages from the npm registry at runtime, which can be exploited via dependency confusion or registry poisoning.
- [REMOTE_CODE_EXECUTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted external data (the project codebase) and possesses high-privilege execution capabilities (Bash, Python). A malicious project can use linter configuration files (e.g., .eslintrc.js) or metadata to execute code when the agent initiates the 'Quality Loop'.
  - Ingestion points: Project files accessed via 'Glob', 'Grep', and 'Read' tools.
  - Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded in the code it is linting.
  - Capability inventory: 'Bash' for shell commands and 'python' for executing local scripts.
  - Sanitization: Absent; paths and scripts are executed without validation or isolation.
- [UNVERIFIABLE_CODE] (MEDIUM): The skill references 'scripts/lint_runner.py' and 'scripts/type_coverage.py' as core components. These files were not provided for analysis, meaning their internal logic could perform unauthorized file access or network operations under the guise of 'validation'.
Recommendations
- AI detected serious security threats
Audit Metadata