calculator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues were detected.
- The skill implements a custom parser and evaluator based on the Shunting-yard algorithm in
scripts/src/calculator.ts, ensuring that input is processed as mathematical data rather than executable code. - Input tokenization is restricted via regex to numbers and specific mathematical operators (
+,-,*,/,^,(,)), preventing command injection. - The skill uses the widely trusted
big.jslibrary for high-precision decimal math, avoiding native floating-point risks. - No suspicious network activity, file system access, or credential exposure was found during the analysis of the scripts.
Audit Metadata