typescript-detector
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a process to extract shell commands from potentially attacker-controlled files.
  - Ingestion points: The skill reads package.json (scripts section), Makefile (targets), and CLAUDE.md (various sections).
  - Boundary markers: None. The instructions explicitly tell the agent to 'Extract exact command mentioned' without defining limits or delimiters for the untrusted content.
  - Capability inventory: While this skill only performs detection, the documentation states it is explicitly for use by the quality-gates-compilation agent, which is told to 'Use command.compile for running type checks', implying direct shell execution of the extracted string.
  - Sanitization: None. There is no validation to ensure the extracted string is a legitimate compiler command or to filter malicious shell metacharacters (e.g., ;, &&, |).
- [Remote Code Execution] (HIGH): By facilitating the extraction of unsanitized commands from untrusted sources for downstream execution, the skill enables an RCE vector. An attacker can replace a valid compilation command with a malicious payload (e.g., rm -rf / or a reverse shell) in the repository's configuration files.
Recommendations
- AI detected serious security threats