typescript-engineering
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE] (SAFE): No malicious patterns or behaviors detected across all threat categories.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not define or download any external dependencies. It is a standalone documentation file.
- [COMMAND_EXECUTION] (SAFE): There are no shell commands, script executions, or subprocess calls. The skill even explicitly advises against using 'eval()'.
- [DATA_EXFILTRATION] (SAFE): No network operations (curl, wget, fetch) or sensitive file path access (SSH keys, AWS credentials) are present.
- [PROMPT_INJECTION] (SAFE): The content is purely instructional regarding code quality and style; it contains no bypass markers, role-play injections, or attempts to extract system prompts.
- [MALICIOUS_URL_REVIEW] (SAFE): An automated scanner flagged 'Status.In' as a malicious URL. Analysis confirms this is a false positive: 'Status.Inactive' is used in a TypeScript switch-case example as an Enum value, which the scanner misidentified as a domain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata