typescript-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override agent behavior or bypass safety guidelines. The content is strictly technical.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths, hardcoded credentials, or network operations were detected.
- [Obfuscation] (SAFE): No evidence of Base64, zero-width characters, homoglyphs, or other encoding techniques intended to hide malicious content.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages or remote scripts are downloaded or executed. The skill contains only Markdown documentation.
- [Privilege Escalation] (SAFE): No commands related to acquiring elevated permissions (e.g., sudo, chmod) were found.
- [Persistence Mechanisms] (SAFE): No attempts to modify system configuration files, shell profiles, or scheduled tasks were identified.
- [Metadata Poisoning] (SAFE): Metadata fields (name, description) accurately reflect the content of the skill.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process external TypeScript code during reviews, it lacks any write, execute, or network capabilities that could be exploited by malicious code it might process. It is classified as Tier INFO.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic gating behavior based on time, date, or specific environment conditions was found.
- [Dynamic Execution] (SAFE): No use of eval, exec, or runtime compilation of code was detected.
Audit Metadata