code-lint
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes local scripts and task runner targets from files such as Makefile, justfile, or the bin/ directory based on project discovery. This presents a risk of executing malicious code if the repository being analyzed is untrusted.
- [PROMPT_INJECTION]: The skill processes instructions from project documentation files to detect the preferred way to run linting. This creates an indirect prompt injection surface where a malicious project could influence the agent's behavior. \n
- Ingestion points: README.md, CONTRIBUTING.md, CLAUDE.md, AGENTS.md, GEMINI.md, CODEX.md, Makefile, package.json. \n
- Boundary markers: Absent; the agent is instructed to directly follow instructions found in these files without specific isolation. \n
- Capability inventory: Shell command execution (jj, npm, make, bin/*) and file system access. \n
- Sanitization: None.
Audit Metadata