perses-lint
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using the
Bashtool with user-supplied file paths (e.g.,percli lint -f <file>). This pattern creates a potential command injection surface if the agent does not properly sanitize the filenames before passing them to the shell. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted resource definitions.
- Ingestion points: Untrusted JSON and YAML resource files are ingested through the
ReadandGlobtools. - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard any embedded instructions within the dashboard definitions.
- Capability inventory: The agent has access to sensitive tools such as
Bash,Write, andEdit, which could be exploited if malicious instructions in the data influence the agent's behavior during the fix-and-revalidate cycle. - Sanitization: No sanitization logic is described to filter or validate the contents of the files before processing them.
Audit Metadata