graphicode-junior-engineer-ts-state-react
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like `cat` and `echo` to read state definitions and write the resulting TypeScript implementation to the project's directory. This behavior is scoped to files named `README.md` and `index.ts` within the managed project structure.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it translates natural language instructions from project files into executable code.
  - Ingestion points: Reads instructions from `./<stateDir>/<stateId>/README.md` and existing code from `index.ts`.
  - Boundary markers: None; the skill does not use delimiters or instructions to prevent the agent from obeying embedded directives in the ingested Markdown files.
  - Capability inventory: The skill can read and write local files via shell commands and produces code that performs network operations (e.g., using `fetch`).
  - Sanitization: No sanitization or validation of the input README content is performed before it is used as a template for code generation.
Audit Metadata