tsdown

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the --on-success CLI flag and the onSuccess configuration option, which enable the execution of arbitrary shell commands after a build succeeds.
  • [REMOTE_CODE_EXECUTION]: Documentation for lifecycle hooks and the programmatic API illustrates how to execute arbitrary Node.js scripts and process-level commands (e.g., execSync for publishing or testing).
  • [EXTERNAL_DOWNLOADS]: The instructions recommend installing various development dependencies from the npm registry, such as tsdown, typescript, and several build-time plugins.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it is designed to ingest and process untrusted project files and configurations.
    • Ingestion points: Source code files and configuration files (e.g., tsdown.config.ts, package.json).
    • Boundary markers: Not present.
    • Capability inventory: File system writing, arbitrary shell command execution, and arbitrary script execution via hooks.
    • Sanitization: Not present.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 03:58 PM