jsr-reverse
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because its core workflow involves the ingestion and analysis of untrusted external data, such as JavaScript source code and HTML from arbitrary URLs.
- Ingestion points: External data enters the agent context through the Intake Contract defined in SKILL.md and through the collection of artifacts like HTML, JS, and network responses as described in references/rs-collection-and-two-hop-routing.md.
- Boundary markers: There are no explicit security boundary markers or instructions to treat embedded strings as untrusted, which could allow malicious instructions within the code being analyzed to influence the agent.
- Capability inventory: The skill requires the agent to interpret complex logic and reconstruct code patterns, which are high-level reasoning tasks sensitive to context manipulation.
- Sanitization: No sanitization or filtering of the external code or data is performed before it is analyzed by the agent.
- [SAFE]: The file references/wasm-worker-webpack.md contains segments of unreadable text (Mojibake). Analysis suggests this is an unintentional encoding error (likely Chinese text misinterpreted) rather than a malicious obfuscation attempt.
Audit Metadata