writing-typescript
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized network operations found. Code examples use standard placeholders like 'DATABASE_URL' for configuration schemas.
- Obfuscation (SAFE): No Base64, zero-width characters, or homoglyphs detected in the source code or documentation.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard industry tools (bun, vite, vitest, zod). Commands like 'bun install' are appropriate for the skill's context as a development guide.
- Privilege Escalation (SAFE): No usage of 'sudo', 'chmod', or other commands that elevate system privileges.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or system services were found.
- Metadata Poisoning (SAFE): The skill metadata accurately describes its purpose without deceptive instructions.
- Indirect Prompt Injection (SAFE): The skill explicitly teaches security best practices, such as 'Parse, don't validate' using Zod, which helps prevent injection vulnerabilities in the code being written.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on time or environment variables was detected.
- Dynamic Execution (SAFE): The skill focuses on static typing and standard compilation/bundling workflows; it does not utilize 'eval()' or unsafe deserialization.
Audit Metadata