Skills
skills/tezuka-akihiro/claudemix/valibot-schema-generator/Gen Agent Trust Hub

valibot-schema-generator

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to read local specification files and executes a local Node.js script (scripts/generate-schema.js) to automate the generation of TypeScript schema files.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes YAML specification files (-spec.yaml) provided as input. A maliciously crafted YAML file could attempt to influence the generated code. Evidence: The prompt in prompts/01-generate.md ingests data from app/specs/{service}/{section}-spec.yaml without explicit sanitization beyond structured extraction instructions.
  • [EXTERNAL_DOWNLOADS]: The documentation and troubleshooting guide recommend installing standard, well-known libraries (valibot, @conform-to/react, @conform-to/valibot) from the npm registry to support the generated code.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 01:30 PM