Skills
skills/steelan9199/wechat-publisher/js-error-fixer/Gen Agent Trust Hub

js-error-fixer

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the eslint and globals packages from the npm registry to perform its core functions.
  • [COMMAND_EXECUTION]: The skill uses npm install to set up its environment and npx eslint to analyze code. These commands are typical for JavaScript development workflows.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from local files.
  • Ingestion points: JavaScript files are read into the agent's context using Read and Glob tools in SKILL.md.
  • Boundary markers: No boundary markers or instructions are present to differentiate between code and potential natural language instructions embedded in file comments.
  • Capability inventory: The skill possesses the ability to execute shell commands (npm, npx), modify files (SearchReplace), and write tasks (TodoWrite).
  • Sanitization: The skill lacks sanitization or validation mechanisms for the content of the files it processes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 06:27 AM