Skills
skills/alexei-led/cc-thingz/linting-instructions/Gen Agent Trust Hub

linting-instructions

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local script scripts/lint-instructions.py via uv run. This execution is explicitly restricted in the skill's configuration to this specific script, which aligns with security best practices for least privilege.
  • [EXTERNAL_DOWNLOADS]: The use of the uv package manager may result in the download of Python dependencies from the official PyPI registry. These downloads are standard for the tool and are considered safe.
  • [PROMPT_INJECTION]: The skill is an analysis tool that processes instruction files, creating a surface for indirect prompt injection. A malicious file could attempt to influence the sub-agent performing the review.
  • Ingestion points: Files are ingested using the Read, Glob, and Grep tools.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used in the sub-agent's prompt template.
  • Capability inventory: The skill possesses access to the Bash tool (restricted to the linting script) and the Agent tool for sub-task delegation.
  • Sanitization: No sanitization or filtering of the content of analyzed files is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 08:41 PM