js-micro-utilities

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installing numerous micro-packages from the 'just-*' ecosystem (e.g., just-diff, just-extend, just-template) via npm. While these are reputable libraries, they represent external dependencies.
  • [COMMAND_EXECUTION] (LOW): The skill provides shell commands for package installation (npm i just-...).
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified.
      • Ingestion points: Uses 'Read' tool to access external files.
      • Boundary markers: No specific delimiters or instruction-ignoring markers suggested for data processing snippets.
      • Capability inventory: Metadata allows 'Write' and 'Edit' tools, creating a pathway where processed untrusted data could influence filesystem state.
      • Sanitization: The mentioned utilities (especially just-template) lack built-in sanitization for AI-specific instructions.
  • [SAFE] (INFO): The 'native-first' approach is a strong security practice that reduces unnecessary third-party code exposure by utilizing modern ES2024 features like structuredClone and Object.groupBy.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 06:19 AM