Skills
skills/biggora/claude-plugins-registry/typescript-expert/Gen Agent Trust Hub

typescript-expert

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its automated type-fixing command.
  • Ingestion points: The agent is instructed to read project metadata from package.json and tsconfig.json, as well as source code files using Read, Glob, and Grep (commands/typescript-fix.md).
  • Boundary markers: The instructions do not define delimiters or provide warnings to the agent to disregard natural language instructions that might be embedded within the project's code or configuration files.
  • Capability inventory: The skill utilizes powerful capabilities including Bash for command execution and Edit/Write for file modification across the project directory (commands/typescript-fix.md).
  • Sanitization: No explicit sanitization or validation of the ingested project data is performed before it is used to determine the execution of shell commands.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of local development commands.
  • The typescript-fix command instructs the agent to execute project-defined scripts (e.g., npm run typecheck) and the TypeScript compiler (npx tsc) using the Bash tool. While these are standard developer workflows, they represent a path for executing code defined within the analyzed project.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 10:00 AM