typescript-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions do not contain any patterns attempting to override agent behavior or bypass safety filters. Phrases like 'Must use' in the description are standard functional triggers for loading the skill context.
- Data Exposure & Exfiltration (SAFE): The skill provides examples of validating environment variables and making API calls. No hardcoded credentials or suspicious exfiltration patterns were found. The usage of
process.envis shown within a best-practice context for configuration validation. - Unverifiable Dependencies (SAFE): The skill references standard, highly trusted libraries in the TypeScript ecosystem, such as
zod,type-fest, anddebug. No malicious or unknown packages are requested for installation. - Indirect Prompt Injection (LOW): While the skill is intended to be active when the agent reads or writes code (an ingestion surface), it provides static guidance rather than executing logic on that data. It does not introduce new vulnerabilities or unsafe interpolation of untrusted data.
Audit Metadata