Skills
NYC
skills/microck/ordinary-claude-skills/ts-agent-sdk/Gen Agent Trust Hub

ts-agent-sdk

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill parses untrusted tool definitions and Zod schemas from src/server/modules/mcp*/server.ts. Because the agent uses this data to generate and then suggest the execution of TypeScript scripts, a malicious actor could embed instructions in tool descriptions to compromise the system.
  • Ingestion points: src/server/modules/mcp*/server.ts (tool names, descriptions, and schemas).
  • Boundary markers: None specified. The skill assumes tool definitions are safe to extract and interpolate directly into code templates.
  • Capability inventory: The skill has file system write access to ./scripts/sdk/ and triggers command execution via npx tsx for generated scripts.
  • Sanitization: No sanitization or validation of the extracted metadata is performed before it is used to generate executable code.
  • Dynamic Execution (MEDIUM): The skill generates and promotes the execution of dynamic TypeScript code at runtime based on patterns it discovers in the project.
  • Evidence: The workflow involves generating client.ts and examples/*.ts files using templates and extracted metadata, which are subsequently recommended for execution to interact with backend services.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:00 AM