typescript-knowledge-patch
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of untrusted Node.js packages '@typescript/native-preview', 'tsgo', and 'ts5to6'. These packages are not official Microsoft or TypeScript tools and are presented under the guise of fictional 'future' software releases.
- [REMOTE_CODE_EXECUTION]: Instructions guide users to run unverified code directly using 'npx tsgo' and 'npx ts5to6', which can execute arbitrary code on the user's machine from remote sources.
- [COMMAND_EXECUTION]: Provides specific bash commands for package installation and execution of preview tools that have no verified origin or official standing.
- [EXTERNAL_DOWNLOADS]: Contains multiple URLs that impersonate official Microsoft and GitHub resources (e.g., 'github.com/microsoft/typescript-go' and 'devblogs.microsoft.com/typescript/typescript-native-port/') but do not exist, serving as a social engineering tactic to build false trust.
Recommendations
- AI detected serious security threats
Audit Metadata