typescript-expert
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The diagnostic script
scripts/ts_diagnostic.pyutilizessubprocess.runwithshell=Trueto execute system commands liketsc,node, andgrepfor project analysis. These operations are restricted to hardcoded diagnostic queries and standard project paths. - [COMMAND_EXECUTION]: In
SKILL.md, the agent is instructed to use anode -eone-liner to parse thepackage.jsonfile. This is a standard method for identifying project dependencies and tooling without requiring additional external libraries. - [EXTERNAL_DOWNLOADS]: The skill frequently invokes
npxfor tasks like type checking (npx tsc) and testing (npx vitest). These tools may download package updates from the npm registry if they are not already cached on the system. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from the user's project files during diagnostics. This is a common property of developer tools and is handled safely within the skill's scope.
- Ingestion points: The skill reads and analyzes
package.json,tsconfig.json, and TypeScript source files in thesrc/directory (found inSKILL.mdandscripts/ts_diagnostic.py). - Boundary markers: No specific boundary markers or delimiters are used to isolate project data from the instructions.
- Capability inventory: The skill has the ability to execute shell commands and read/write files as part of its expert development functions.
- Sanitization: No explicit sanitization or filtering of project file content was detected before the data is processed by the agent or diagnostic scripts.
Audit Metadata