plankton-code-quality

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning a third-party repository (github.com/alexfazio/plankton.git) which is not included in the trusted vendors list. This repository contains the core logic and shell scripts executed by the skill.
  • [COMMAND_EXECUTION]: Implements several shell hooks (multi_linter.sh, protect_linter_configs.sh, stop_config_guardian.sh) that run during the agent session, executing local binaries and scripts to enforce code quality and configuration protection.
  • [REMOTE_CODE_EXECUTION]: Spawns secondary Claude subprocesses (claude -p) that are dynamically tasked with fixing linting errors. These subprocesses have the capability to modify the codebase based on instructions derived from linter output.
  • [PROMPT_INJECTION]: The skill's automated fixer subprocesses represent an indirect prompt injection surface.
      • Ingestion points: Processes unvalidated file content being edited and linter-generated JSON messages.
      • Boundary markers: No specific delimiters or ignore-instructions directives are mentioned for the subprocess prompts.
      • Capability inventory: The system executes shell scripts and spawns agents with full file-write and subprocess capabilities.
      • Sanitization: No evidence of sanitizing or escaping the content being passed to the subprocesses.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 12, 2026, 08:39 AM