elysiajs

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • Category 1: Prompt Injection (SAFE): No instructions targeting agent behavior override or safety filter bypass were found. The content is purely technical documentation for a software framework.
  • Category 2: Data Exposure & Exfiltration (SAFE): The skill demonstrates secure handling of sensitive information using environment variables (e.g., process.env.OPENAI_API_KEY, process.env.JWT_SECRETS). Hardcoded secrets found in examples (e.g., 'Fischl von Luftschloss Narfidort') are clearly fictional placeholder strings used for educational purposes and do not represent actual credentials.
  • Category 3: Obfuscation (SAFE): All files are written in clear, human-readable Markdown and TypeScript. No Base64, zero-width characters, or other encoding tricks were detected.
  • Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): Documentation references standard, well-known packages from the npm registry (e.g., @elysiajs/cors, drizzle-orm, prisma). No scripts involve piping remote URLs to interpreters (curl|bash).
  • Category 5: Privilege Escalation (SAFE): No commands for unauthorized privilege escalation (e.g., sudo, chmod 777) were identified.
  • Category 6: Persistence Mechanisms (SAFE): The skill does not contain any code attempting to modify shell profiles, cron jobs, or startup services.
  • Category 7: Metadata Poisoning (SAFE): Metadata in metadata.json is accurate and describes the ElysiaJS framework without deceptive instructions.
  • Category 8: Indirect Prompt Injection (SAFE): While the framework is designed to handle HTTP requests, the provided files only document the infrastructure and do not include vulnerable interpolation of untrusted data into agent-specific prompts.
  • Category 9: Time-Delayed / Conditional Attacks (SAFE): Logic in the examples is standard for web request handling (e.g., timeouts, status checks) and does not gate malicious behavior based on environmental triggers.
  • Category 10: Dynamic Execution (SAFE): The framework uses standard TypeScript/JavaScript compilation and runtime patterns. No unsafe deserialization (pickle) or runtime code generation from untrusted sources was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 09:22 PM