fix-types
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run standard development tools such as
tsc,npx tsc,bun run typecheck, andnx build. These tools are necessary for the skill's stated purpose of type error resolution. - [PROMPT_INJECTION]: Authoritative instructions (e.g., "MANDATORY", "NON-NEGOTIABLE") are used to steer the agent toward an evidence-based reasoning protocol and high confidence thresholds. This is a task-guidance technique rather than a security bypass.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and implementing fixes based on repository file content.
- Ingestion points: The agent reads local project files, documentation (
docs/project-reference/domain-entities-reference.md), and shared protocol definitions. - Boundary markers: Absent. The instructions do not specify delimiters to separate untrusted file content from instructions.
- Capability inventory: The skill possesses the ability to execute shell commands (
tsc,bun,nx) and modify project files. - Sanitization: Absent. There is no mention of validating or escaping the content read from files before it is processed by the agent.
Audit Metadata