Skills
skills/d-oit/do-novelist-ai/typescript-guardian/Gen Agent Trust Hub

typescript-guardian

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill analyzes untrusted source code, creating a surface where malicious instructions in comments could influence the agent. \n1. Ingestion points: Source code files in 'src/' accessed via grep and compiler tools. \n2. Boundary markers: Absent; no delimiters or warnings about embedded instructions are used. \n3. Capability inventory: Execution of 'grep', 'npx tsc', and 'npm run' commands via shell (SKILL.md). \n4. Sanitization: Absent; no escaping or filtering of external content before processing. \n- External Downloads (LOW): The command 'npx tsc' may download packages. This is a trusted dependency from a Microsoft-associated repository, lowering risk per [TRUST-SCOPE-RULE]. \n- Command Execution (SAFE): Uses 'grep' and 'npm' for its primary, intended purpose of code analysis and linting.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:45 PM