retype
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Executes 'retype-cli' via 'bunx', which fetches the package from the npm registry at runtime. This is a vendor-owned resource for 'knoopx' and is necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill processes untrusted codebase files, representing an indirect prompt injection surface. (1) Ingestion points: Local source files in directories specified by the '-p' flag. (2) Boundary markers: None present. (3) Capability inventory: Reading and modifying files (rename, extract, search) via 'retype-cli'. (4) Sanitization: Not applicable to the tool's execution model.