typescript
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process external, untrusted TypeScript code files (.ts, .tsx, .d.ts) to provide refactoring and optimization guidance, creating an attack surface for indirect prompt injection.
  * Ingestion points: External source files and compiler error messages.
  * Boundary markers: Absent; the skill does not include instructions for the agent to distinguish between its own logic and instructions potentially embedded in user-provided comments or code.
  * Capability inventory: The skill influences agent reasoning and code generation tasks (e.g., refactoring) but does not contain its own script-based write or execute capabilities.
  * Sanitization: No input validation or sanitization rules are provided for the code being processed.
- [No Code] (SAFE): The skill consists entirely of markdown-based instructions and metadata with no Python scripts, Node.js packages, or shell commands, significantly limiting its direct threat potential.
Audit Metadata