node-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): No malicious patterns, such as data exfiltration, credential theft, or obfuscation, were detected. The skill primarily provides templates for TypeScript development.
- [No Code] (SAFE): The skill consists entirely of a README and metadata. No executable scripts (.py, .js, .sh) are included in the skill definition, reducing the local attack surface to zero.
- [Indirect Prompt Injection] (SAFE): The skill is designed to take user descriptions to generate TypeScript code. While this is an ingestion surface for untrusted data, the skill itself does not execute the generated code or have capabilities that could be abused through injection within this scope.
- Ingestion points: User-provided descriptions of nodes via triggers defined in metadata.json.
- Boundary markers: No explicit delimiters are used to wrap user input in the generation template.
- Capability inventory: None; the skill's only output is TypeScript text.
- Sanitization: Not present, as the skill serves as a development template.
Audit Metadata