typebox
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [Metadata Poisoning] (MEDIUM): The skill provides false information by claiming the official `@sinclair/typebox` package is deprecated and instructing users to use `typebox` instead. In practice, `@sinclair/typebox` is the active and recommended package. Such misleading instructions can lead to dependency confusion or the use of non-standard packages.
- [Dynamic Execution] (MEDIUM): The skill demonstrates the use of `Compile()` with raw TypeScript syntax strings. This involves runtime parsing and code generation (often utilizing `new Function()` for performance). If an attacker can influence the string passed to `Compile()`, it may lead to arbitrary code execution within the agent's runtime environment.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process schemas from various external libraries (Zod, Valibot). While it functions as a validator, this ingestion surface creates a potential vector for injection attacks if the schemas themselves contain malicious instructions designed to subvert agent logic.
Audit Metadata