typescript-write
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (HIGH): Indirect Prompt Injection vulnerability (Category 8). The skill processes untrusted external requirements and source code to perform high-privilege file modifications. 1. Ingestion points: User requirements and existing source code. 2. Boundary markers: None identified. 3. Capability inventory: Code writing, refactoring, and development command execution. 4. Sanitization: None detected. Maliciously crafted inputs can result in the generation of backdoors or unauthorized code execution.
- [Command Execution] (MEDIUM): Reference to typescript-commands.md implies the use of system-level development tools like compilers and linters. Execution of these tools on attacker-influenced files poses a risk to the host environment if not properly sandboxed.
Recommendations
- AI detected serious security threats
Audit Metadata