markdown
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/markdown-linter.sh` script fetches and installs the `prettier` formatting tool globally using the `npm` package manager if it is not already present on the system. This installation targets a well-known service and package for standard document formatting.
- [COMMAND_EXECUTION]: The script `scripts/markdown-stats.py` utilizes the `subprocess` module to execute the `pandoc` utility. This is used locally to convert Markdown content into plain text for word count and reading time estimation, representing standard utility usage.
- [PROMPT_INJECTION]: The skill includes utilities that process external Markdown files. While these files constitute untrusted data that could contain embedded instructions, the risk is minimal as the processing is limited to formatting and metadata extraction.
  - Ingestion points: Markdown files passed as arguments to `scripts/markdown-linter.sh` and `scripts/markdown-stats.py` (e.g., README.md).
  - Boundary markers: No specific delimiters or safety warnings are implemented for processed file content.
  - Capability inventory: The skill possesses file system write access via `prettier --write` and local command execution capabilities via `subprocess.run` for the `pandoc` utility.
  - Sanitization: Standard file handling is used; however, no specific sanitization or filtering of Markdown content is performed before processing.
Audit Metadata