Skills
skills/niracler/skill/markdown-lint/Gen Agent Trust Hub

markdown-lint

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Shell injection vulnerability identified in the file processing automation.
  • Evidence: In SKILL.md, the command bash scripts/check-horizontal-rules.sh $(find . -name '*.md' ...) and the subsequent loop for file in $files; do ... done fail to use double quotes around subshell expansions and variable references. If a file in the repository is named with shell metacharacters (e.g., ; touch EXPLOIT ;.md), the shell will execute those characters as commands during expansion.
  • [COMMAND_EXECUTION]: Modification of file system permissions.
  • Evidence: The skill instructs the agent to perform chmod +x on the scripts/check-horizontal-rules.sh file.
  • [EXTERNAL_DOWNLOADS]: Fetching of external dependencies and tools.
  • Evidence: The skill configuration downloads and installs markdownlint-cli2 via npx and references the official markdownlint repository https://github.com/DavidAnson/markdownlint-cli2 for pre-commit hooks.
  • [INDIRECT_PROMPT_INJECTION]: Vulnerability to indirect manipulation via untrusted repository content.
  • Ingestion points: The skill processes all markdown (.md) files found within the local repository using find and awk.
  • Boundary markers: None; the shell and awk scripts process file content directly without delimiters or instruction-ignore headers.
  • Capability inventory: The skill has the ability to execute shell scripts (bash), read files (awk), and overwrite files (mv).
  • Sanitization: None; the lack of quoting in shell commands represents a failure to sanitize input from the file system, leading to the command injection risk noted above.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 09:47 AM