typescript-coding-standards

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill uses npx eslint "$FILE" within a shell command where $FILE is derived from TOOL_INPUT_FILE_PATH. While the variable is double-quoted, shell execution of external input presents an attack surface for argument injection or shell expansion if the environment or shell configuration allows it.
  • EXTERNAL_DOWNLOADS (MEDIUM): The use of npx allows for the automatic download and execution of the eslint package and its dependencies from the npm registry if they are not already cached locally. This introduces a runtime dependency on external third-party code.
  • DATA_EXFILTRATION (LOW): The SessionStart hook reads .claude/config.yaml to display coding standards. While intended for project configuration visibility, it demonstrates a capability to read local files and output their content to the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:31 AM