migrate-to-rslint
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using package managers (npm, pnpm, yarn, bun) to install libraries and run the
rslintCLI for validation. This is standard behavior for migration tools. - [EXTERNAL_DOWNLOADS]: The skill installs the
@rslint/coreandjitipackages from public registries.@rslint/coreis an expected dependency provided by the vendor. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from project files, including
package.json, ESLint configuration files, and source code directives. - Ingestion points: Files processed include
package.json,eslint.config.*, and source files containing linting comments. - Boundary markers: None identified.
- Capability inventory: The skill can perform package installations and arbitrary shell command execution via the linter CLI.
- Sanitization: No explicit sanitization of project file content is mentioned before processing.
Audit Metadata