yy-lint
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides an interface to execute custom commands via /yy-lint <command>, which are passed directly to the shell. This allows the execution of arbitrary commands (e.g., file deletion, network operations) that are not restricted to code linting tasks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data to drive its 'fix' logic.
- Ingestion points: The skill reads package.json (Phase 1), .nvmrc (Phase 2), and the full output/logs of shell commands (Phase 3) from the local project environment.
- Boundary markers: There are no explicit delimiters or instructions (e.g., 'ignore embedded instructions') used when the agent ingests content from these files or command logs.
- Capability inventory: The agent is authorized to execute shell commands and modify local source code to perform automated fixes.
- Sanitization: The skill does not implement any validation, escaping, or sanitization of the content retrieved from the project environment or tool outputs before using that content to determine the agent's next steps or code modifications.
Recommendations
- AI detected serious security threats
Audit Metadata