codegen-over-complex-types
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (INFO): The skill includes documentation for standard shell commands like
npm installandnpx. These are used to demonstrate how to use code generation tools in a local development environment and do not involve suspicious or unauthorized execution. - [EXTERNAL_DOWNLOADS] (INFO): The skill references standard npm packages (e.g.,
prisma,openapi-typescript). These are well-established community tools and the documentation follows standard installation practices. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process external schemas (YAML, GraphQL, JSON). While this constitutes an ingestion point for untrusted data, the suggested tools are static generators that produce TypeScript types, posing minimal risk to the agent's reasoning or the host system's security.
Audit Metadata