typescript-expert

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several shell commands to perform project diagnostics and validation.
      • Evidence: SKILL.md contains instructions to execute npx tsc, npm test, and node -e scripts to detect tooling and verify project state.
      • Evidence: scripts/ts_diagnostic.py uses subprocess.run(shell=True) to execute system commands, including npx tsc, grep, and node version checks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from project files that may be attacker-controlled.
      • Ingestion points: The agent is instructed to read and analyze package.json, tsconfig.json, and source code files within the src/ directory.
      • Boundary markers: Absent. No delimiters encapsulate file content, and no instructions tell the LLM to ignore commands embedded in the data.
      • Capability inventory: The skill has extensive capabilities, including shell command execution, file system access, and package management via npx.
      • Sanitization: Absent. The logic does not validate or sanitize file contents before the agent analyzes them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 04:53 PM