typescript-docs
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from source code comments without employing boundary markers or sanitization. An attacker could embed malicious instructions in JSDoc blocks that could influence the agent's behavior during the documentation process.
  - Ingestion points: Reads TypeScript source files located in the `src/` directory.
  - Boundary markers: None implemented in the TypeDoc configuration or JSDoc parsing templates.
  - Capability inventory: The skill utilizes `Bash`, `Write`, and `Edit` tools, which could be misused if an injection is successful.
  - Sanitization: No validation or filtering is performed on the content extracted from source comments.
- [PROMPT_INJECTION]: The file `references/examples.md` contains an extreme amount of repetitive text praising documentation quality and the skill's utility. This is a self-referential injection attempt (Category 8e) aimed at manipulating the AI analyzer's sentiment-based assessment of the skill's safety.
- [COMMAND_EXECUTION]: The skill incorporates bash command patterns for documentation workflows, such as `npx typedoc` and `python -m http.server`, which grant the agent command-line execution capabilities.
- [EXTERNAL_DOWNLOADS]: The skill references several third-party packages from the npm registry, including `typedoc`, `@compodoc/compodoc`, and various TypeDoc plugins. While these are standard tools, they constitute external dependency management.
Audit Metadata