precommit
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using tools like node, npm, ruff, and cargo to automate project quality gates. It specifically attempts to run a local script located at .claude/scripts/precommit-runner.js if detected within the project.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted project manifest files to determine its execution path.
  - Ingestion points: Project configuration files such as package.json, pyproject.toml, and the local precommit-runner.js script.
  - Boundary markers: Absent; there are no delimiters or instructions to prevent the agent from obeying instructions embedded in these project files.
  - Capability inventory: Extensive bash tool access provided in the allowed-tools frontmatter, including multiple runtimes and build systems.
  - Sanitization: The skill lacks mechanisms to validate or sanitize script names and configurations extracted from the local filesystem before they are interpolated into shell commands.
Audit Metadata