lint-new
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command
CI=true pnpm test "static/eslint/eslintPluginScraps/src/rules/$ARGUMENTS.spec.ts". The$ARGUMENTSvariable, which represents the user-provided rule name, is interpolated directly into the shell string without sanitization. This allows a malicious rule name containing shell metacharacters (e.g.,;,&&,|) to execute arbitrary commands on the system. - [REMOTE_CODE_EXECUTION]: The skill workflow involves executing local tests and scripts via the
pnpmpackage manager. While standard for development, this pattern allows for the execution of code generated by the agent or existing in the repository. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the
$ARGUMENTSparameter. - Ingestion points: The
$ARGUMENTSvariable inSKILL.mdcaptures user input. - Boundary markers: Absent; the input is placed directly into code templates and shell commands without delimiters or instructions to ignore embedded commands.
- Capability inventory: The agent is authorized to perform file writes and subprocess execution (
pnpm test). - Sanitization: Absent; the rule name is not validated or escaped before being used in critical operations.
- [SAFE]: The skill uses well-known development dependencies and follows standard patterns for Sentry's internal ESLint plugin development.
Audit Metadata