type-design-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze external TypeScript source code, creating a surface for indirect prompt injection.
- Ingestion points: The skill utilizes
Read,Glob, andGreptools to pull external file content into the agent's context. - Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish between its core analysis logic and instructions potentially embedded in the analyzed code.
- Capability inventory: The skill has access to the
Bashtool, which could be exploited if an attacker successfully injects commands via malicious code comments that the agent interprets as instructions. - Sanitization: No sanitization or validation of the input source code is specified before processing.
- False Positive (SAFE): The automated scanner flagged
this.caas a malicious URL. Inspection of the source reveals this is part of a standard TypeScript method callthis.canAddItem(item)in a code example, not a network request or external reference.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata