typescript-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injection, or obfuscation were detected. The skill's operations are transparent and align with its stated purpose of assisting with TypeScript development.
- [COMMAND_EXECUTION]: The instruction set includes a 'Memory Protocol' which directs the agent to execute a local
catcommand on.claude/context/memory/learnings.md. This is a common pattern for maintaining cross-session state in specific agent frameworks. - [DATA_EXPOSURE]: The Node.js utility script (
scripts/main.cjs) reads local project metadata (package.json,tsconfig.json) and source files in thesrc/directory to report on configuration strictness and use of theanytype. This access is read-only and restricted to the workspace. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data (source code) and possesses significant capabilities (Bash, Write, Edit). However, the provided analysis script uses non-executing regex matching to scan content, and the risk is considered negligible for a developer tool of this nature.
Audit Metadata