generate-ts-models
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted external data (OpenAPI/Swagger JSON) to generate code.\n
- Ingestion points: The
<spec-file>input path used by the generation script.\n - Boundary markers: Absent; there are no specific instructions or delimiters provided to the agent to ignore instructions embedded within the JSON.\n
- Capability inventory: The script performs file-write operations to the local filesystem to create .ts and index files.\n
- Sanitization: No sanitization or validation of the input JSON content beyond basic format checks is described in the skill documentation.\n- [Command Execution] (SAFE): The skill relies on executing a local Node.js script (
scripts/generate.js). This is the intended primary purpose of the skill and no privilege escalation, obfuscation, or suspicious patterns were detected.
Audit Metadata