tsdown
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by requiring the agent to ingest and act upon data from external project files.
- Ingestion points: The skill instructs the agent to read and interpret
package.json,tsconfig.json, andtsdown.config.ts(documented inSKILL.md,references/configuration.md, andreferences/declaration-files.md). - Boundary markers: There are no instructions or delimiters provided to prevent the agent from following instructions that might be maliciously embedded within these project files.
- Capability inventory: The skill documentation describes command execution via
npx tsdown(SKILL.md) and arbitrary JavaScript execution through theonSuccesshook (references/advanced-features.md). - Sanitization: No sanitization or validation mechanisms are described for the content extracted from the project files before it is used to configure or execute builds.
- [COMMAND_EXECUTION]: The skill documents the use of CLI tools (
tsdown,create-tsdown) and an extensibility hook (onSuccess) which allow for the execution of system commands and arbitrary JavaScript code as part of the build pipeline.
Audit Metadata