Skills
skills/claudiodearaujo/izacenter/typescript-expert/Gen Agent Trust Hub

typescript-expert

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands to detect environment versions and analyze project configurations.
  • Evidence: Running npx tsc --version and node -v in SKILL.md.
  • Evidence: node -e is used in SKILL.md to parse package.json for dependency detection.
  • Evidence: scripts/ts_diagnostic.py uses subprocess.run(shell=True) to execute diagnostic commands such as npx tsc --noEmit.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to invoke tools from the TypeScript ecosystem, which may involve downloading packages at runtime.
  • Evidence: References to tsc, vitest, tsx, ts-node, ts-migrate, and typesync via npx in SKILL.md and scripts/ts_diagnostic.py.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from local project files.
  • Ingestion points: Reads package.json, tsconfig.json, and scans the src/ directory as part of its diagnostic routine.
  • Boundary markers: No explicit delimiters or instructions are used to separate untrusted project data from agent instructions.
  • Capability inventory: The skill can execute shell commands via Python's subprocess and through npm/npx instructions.
  • Sanitization: Data read from configuration files is not sanitized before it is used or displayed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:15 AM