typescript-lsp
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill frequently uses `bunx @plaited/development-skills`. This command fetches and executes code from the NPM registry at runtime. Because '@plaited' is not a trusted organization, this introduces a supply chain risk where a compromised package could execute malicious code on the host system.
- COMMAND_EXECUTION (MEDIUM): Tools like `lsp-hover`, `lsp-symbols`, and `lsp-refs` construct shell commands using variables such as `<file>`, `<line>`, and `<char>`. The skill documentation does not mention sanitization or validation of these inputs, which could be exploited for command injection if the agent or a user provides malicious input (e.g., path traversal or shell metacharacters).
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: The skill reads and processes the contents of local source files (`*.ts`, `*.js`, etc.) to provide symbol information.
  - Boundary markers: Absent. The skill does not instruct the agent to ignore instructions that might be embedded in code comments or string literals within the files being analyzed.
  - Capability inventory: The skill uses the `Bash` tool to execute `bunx` and interact with the file system.
  - Sanitization: No sanitization of file content is performed before returning the JSON-formatted LSP output to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata