validate-code
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via `npm run` based on scripts found in the local `package.json`. It specifically attempts to run `lint-fix`, `lint:fix`, `lint`, and `test`. While this relies on scripts defined in a local file, it is the intended primary functionality for a code validation tool.
- [COMMAND_EXECUTION]: Assessment of indirect command execution surface:
  1. Ingestion points: The skill reads `package.json` from the file system to determine which scripts to execute.
  2. Boundary markers: Absent; the skill does not use specific delimiters to isolate external file content.
  3. Capability inventory: Executes arbitrary shell commands through the `npm` CLI.
  4. Sanitization: None; the skill executes scripts exactly as they are defined in the project configuration.
Audit Metadata