linguist
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/install-linguist-hooks.shinstalls a Git hook in the.git/hooksdirectory. While this is a standard feature for automating development workflows, it functions as a persistence mechanism within the repository's configuration environment. - [COMMAND_EXECUTION]: The script
scripts/install-linguist-hooks.shcontains a path traversal vulnerability. The--modeparameter is used to construct a file path (.git/hooks/${MODE}) without sanitization, allowing files to be written to arbitrary locations if the script is invoked with malicious path segments. - [COMMAND_EXECUTION]: The skill's documentation and the PowerShell wrapper
scripts/linguist-i18n.ps1utilize the-ExecutionPolicy Bypassflag. This facilitates script execution by bypassing local security restrictions on Windows systems. - [PROMPT_INJECTION]: The skill processes codebase files through
scripts/check-linguist.mjs, creating a surface for indirect prompt injection. - Ingestion points: The script reads and processes project files (JSON, JS, HTML, etc.) in
scripts/check-linguist.mjsto detect hardcoded strings. - Boundary markers: No delimiters or specific instructions are used to isolate untrusted project content from the agent's logic.
- Capability inventory: The skill can write files and install Git hooks through its included scripts.
- Sanitization: No sanitization or filtering is performed on the content of the analyzed files before processing.
Audit Metadata