typescript-write
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's workflow involves processing untrusted code from a project folder. The instructions to 'Run targeted tests' and 'lint continuously' while working 'autonomously' create a surface where malicious instructions hidden in comments or test cases could be executed or influence the agent's logic.
- Ingestion points: Files within the project folder being refactored or developed (referenced in SKILL.md).
- Boundary markers: Includes a safety constraint restricting access to the project folder, which mitigates the impact of file access violations.
- Capability inventory: Implied execution of shell-based testing and linting tools, alongside file modification capabilities.
- Sanitization: The workflow does not include instructions for sanitizing or validating the content of ingested files.
- [Command Execution] (LOW): The skill relies on the agent's ability to execute local tools for development. The instruction to work autonomously increases the likelihood that a malicious script could be executed without manual user verification of the specific command.