migrate-to-rslint

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using package managers (npm, pnpm, yarn, bun) to install libraries and run the rslint CLI for validation. This is standard behavior for migration tools.
  • [EXTERNAL_DOWNLOADS]: The skill installs the @rslint/core and jiti packages from public registries. @rslint/core is an expected dependency provided by the vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from project files, including package.json, ESLint configuration files, and source code directives.
  • Ingestion points: Files processed include package.json, eslint.config.*, and source files containing linting comments.
  • Boundary markers: None identified.
  • Capability inventory: The skill can perform package installations and arbitrary shell command execution via the linter CLI.
  • Sanitization: No explicit sanitization of project file content is mentioned before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:44 AM
Security Audit — agent-trust-hub — migrate-to-rslint