typescript-rules
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The skill contains only technical coding rules and architectural guidelines. There are no attempts to override system instructions or bypass agent safety filters.
- DATA_EXFILTRATION (SAFE): No network operations or sensitive file access patterns were found. The skill includes a dedicated security section that explicitly warns against storing API keys or secrets in frontend code.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded credentials or private keys are present. Examples used to illustrate security risks are clearly marked as prohibited patterns.
- REMOTE_CODE_EXECUTION (SAFE): The skill does not include commands to download or execute external scripts or packages.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill identifies external data sources (API responses, URL parameters) as untrusted and mandates the use of 'unknown' types and type guards, which is a key defense against indirect injection via data processing.
Audit Metadata