deno
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local scripts and project tasks using `deno run`, `deno task`, and `deno test`. These commands are standard for the runtime environment but allow the agent to run code defined within the project structure.
- [EXTERNAL_DOWNLOADS]: The skill references downloading and managing dependencies from well-known registries like JSR and npm (e.g., `deno add jsr:@std/path`, `deno add npm:react`). It also utilizes `deno x` to execute remote scripts from these trusted sources.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through project-specific metadata.
  - Ingestion points: The agent is instructed to read and act upon configuration files such as `deno.json`, `deno.jsonc`, and `deno.lock` to identify tasks and dependencies.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard potentially malicious instructions embedded within task definitions or script names in the project files.
  - Capability inventory: The agent can execute arbitrary shell commands via `deno task`, install global executables via `deno install`, and run scripts with network and file system permissions via `deno run`.
  - Sanitization: No sanitization or validation of the contents of the `deno.json` file is specified before the agent executes the defined tasks.
Audit Metadata