typescript-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection because it processes untrusted source files while possessing high-privilege file-modification tools.\n
- Ingestion points: The skill triggers on and reads content from
.ts,.tsx,.js, and.jsxfiles, which are externally controlled and potentially adversarial.\n - Boundary markers: There are no delimiters or specific instructions provided to the agent to differentiate between the source code content it is analyzing and the instructions it should follow, allowing embedded comments to hijack agent logic.\n
- Capability inventory: The skill metadata explicitly allows the use of
EditandWritetools, granting the ability to perform persistent changes to the filesystem based on the processed input.\n - Sanitization: The skill lacks any defined sanitization, filtering, or validation logic for the external content it ingests.
Recommendations
- AI detected serious security threats
Audit Metadata