tsdown
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): High susceptibility to Indirect Prompt Injection (Category 8). The skill instructions lead the agent to process untrusted project files to derive configurations for a tool with script execution capabilities.
  - Ingestion points: package.json, tsconfig.json, and project source files.
  - Boundary markers: Absent.
  - Capability inventory: Arbitrary shell execution via '--on-success' and arbitrary JS execution via 'hooks' and 'plugins'.
  - Sanitization: Absent.
- [COMMAND_EXECUTION] (HIGH): The documentation explicitly promotes the use of '--on-success' for shell commands and lifecycle hooks for asynchronous JavaScript execution, providing a direct path for code execution from configuration.
- [REMOTE_CODE_EXECUTION] (HIGH): Recommends 'npx' commands which download and execute unverified remote code from the npm registry as part of the setup and migration workflows.
Recommendations
- AI detected serious security threats
Audit Metadata