javascript-pro
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override safety filters, bypass constraints, or extract system prompts were detected. The instructions are focused on providing JavaScript development guidance.
- [Data Exposure & Exfiltration] (SAFE): The skill does not contain hardcoded credentials, access sensitive local file paths (like ~/.ssh or .env), or perform any network operations (curl, wget, fetch) to external domains.
- [Obfuscation] (SAFE): No encoded strings (Base64, hex), zero-width characters, or homoglyphs were found. The content is entirely transparent and human-readable.
- [Remote Code Execution / Dependencies] (SAFE): No external package installations (npm, pip) or remote script executions (piped curl-to-bash) are present. The skill operates within the standard conversational context of an LLM.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process and generate code, it lacks automated data ingestion points or direct execution capabilities that would create a vulnerability to indirect injection.
Audit Metadata