ESLint Rule Analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes external configuration files (e.g., eslint.config.js, .eslintrc) which can contain malicious instructions or logic.\n
- Ingestion points: Reads configuration files and project source code using the
ESLint.calculateConfigForFileandRuleTesterAPIs.\n - Boundary markers: No specific delimiters or 'ignore' warnings for ingested configuration data are documented.\n
- Capability inventory: Employs the ESLint Node.js API, which executes JavaScript logic within flat configuration files as part of the resolution process.\n
- Sanitization: No sanitization or integrity validation of the ingested configuration files is specified.\n- [COMMAND_EXECUTION]: The installation instructions utilize the
npxcommand to fetch the skill from the author's (agentskillexchange) repository, which is consistent with the provided vendor context.\n- [EXTERNAL_DOWNLOADS]: The skill references standard ecosystem packages and shareable configurations (e.g.,eslint-plugin-unicorn,eslint-config-airbnb) for comparison and recommendation purposes, which is standard behavior for a linting tool.
Audit Metadata