typescript-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to process external, untrusted content (pull requests and diffs), which serves as a primary ingestion point for malicious instructions.
      • Ingestion points: Defined in the description and body of SKILL.md for reviewing PRs and diffs.
      • Boundary markers: Absent. The instructions lack delimiters or specific directives to ignore instructions embedded within the reviewed code.
      • Capability inventory: The skill is granted Bash, Read, Grep, and Glob tools. The inclusion of Bash provides a high-privilege environment that can be exploited if the agent is subverted by malicious input.
      • Sanitization: Absent. There is no evidence of sanitization or validation of the input data before it is processed by the agent or passed to tools.
  • Command Execution (HIGH): The skill explicitly allows the Bash tool. While intended for code analysis (e.g., running linters), this capability creates a high-impact risk when combined with the untrusted data ingestion described above.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:36 AM