lint-fix
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands built from unvalidated user inputs for the rule name ($0) and the file pattern ($1). For example, the command pnpm exec eslint --rule '@sentry/scraps/$0: error' "$1" is susceptible to command injection when the skill substitutes the argument text into the command line before the shell parses it: a rule name containing a single quote can close the quoted --rule value, and a file pattern containing double quotes, semicolons, backticks, or dollar signs can terminate the command or trigger command substitution.
- [COMMAND_EXECUTION]: For complex codebase changes, the skill instructs the agent to write and execute temporary jscodeshift codemods or scripts using @typescript-eslint/typescript-estree, which involves dynamic code generation and execution at runtime.
- [COMMAND_EXECUTION]: The skill executes .venv/bin/pre-commit on files, which runs local pre-commit hooks that can execute arbitrary logic defined in the project's repository hooks.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, as it processes untrusted data and exercises its capabilities without sanitization.
  - Ingestion points: User-supplied arguments ($0, $1), local documentation files (references/fix-patterns.md, references/token-taxonomy.md), and the source code files targeted for linting.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands in the files it processes.
  - Capability inventory: Shell command execution via pnpm, local script execution via pre-commit, and file-writing permissions to modify the codebase.
  - Sanitization: Absent. External content and user inputs are interpolated into shell commands and prompts without escaping or validation.
Audit Metadata