lang-typescript
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (INFO): The skill processes project-specific files which are technically untrusted data, but its capabilities are restricted to standard development workflows.
- Ingestion points: Reads project files including
tsconfig.json,justfile,eslint.config.js, and.ts/.tsxsource files to inform the agent's strategy. - Boundary markers: Not explicitly defined; the skill relies on the agent's internal logic to separate instructions from code content.
- Capability inventory: Includes executing build and test commands via
bun,tsc, andvitest, and performing targeted cache cleanup (rm -rf .vinxi .output). - Sanitization: None explicitly defined in the skill markdown.
- [COMMAND_EXECUTION] (SAFE): The identified commands (
bun run,tsc --noEmit,vitest) are standard industry practices for the stated purpose of the skill and do not involve unauthorized privilege escalation or suspicious network activity. - [EXTERNAL_DOWNLOADS] (SAFE): Documentation retrieval uses a trusted pattern (MCP) targeting reputable sources such as Microsoft and SolidJS.
Audit Metadata