fuzz
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for running local scripts and binaries (
pnpm fuzz,bun scripts/...) to perform fuzzing and coverage measurements. These commands are typical for a developer environment and consistent with the skill's role in a rule-validation pipeline. - [EXTERNAL_DOWNLOADS]: A documented synchronization script (
bun scripts/sync-fuzz-corpus.ts) is used to fetch external repositories for the fuzzing corpus. This is a functional requirement for testing the tool against a diverse set of real-world programs. - [PROMPT_INJECTION]: The fuzzer processes external code from a regression corpus and real-world repositories. While this presents an indirect prompt injection surface where malicious instructions could be embedded in the code samples, the tool's purpose is to parse this code for linting violations rather than executing its logic, and this ingestion is central to the tool's primary function.
Audit Metadata