typescript-strict
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts, bypass safety filters, or extract system instructions. The skill's focus remains entirely on TypeScript coding standards.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The skill operates locally on the codebase.
- [Obfuscation] (SAFE): The content is clear and uses standard Markdown and TypeScript syntax. No Base64, zero-width characters, or other encoding tricks are present.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references 'bun' and 'tsc', which are standard tools in a TypeScript development environment. There are no attempts to download or execute scripts from untrusted remote sources.
- [Privilege Escalation] (SAFE): No commands like 'sudo', 'chmod', or system-level configuration changes are requested or performed.
- [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles, startup scripts, or scheduled tasks to maintain unauthorized access.
- [Metadata Poisoning] (SAFE): The metadata (name, description, author) accurately reflects the skill's purpose and does not contain deceptive instructions.
- [Indirect Prompt Injection] (LOW): As a coding skill, it ingests external data (code files) using Read/Grep tools. While this is a surface for indirect injection, the risk is inherent to its primary purpose and the skill does not have elevated capabilities that would make this a high-severity concern.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic was found that triggers behavior based on specific dates, times, or environment conditions.
- [Dynamic Execution] (SAFE): The skill does not generate and execute code at runtime using 'eval' or similar functions. It uses 'tsc' for static type checking only.