eslint-plugin
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The instruction blocks (e.g., '' and 'CRITICAL: Ask these...') are legitimate process constraints designed to guide the agent through a TDD workflow. No patterns of instruction override, jailbreaking, or system prompt extraction were detected.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or suspicious network operations are present. External links point to legitimate developer tools (e.g., astexplorer.net).
- [Remote Code Execution] (SAFE): The skill mentions standard development tools like Bun, Vitest, and Jest. No remote scripts are downloaded or executed. Code templates use standard ESLint and TypeScript APIs without unsafe dynamic execution patterns.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph attacks were found.
- [Indirect Prompt Injection] (SAFE): While the skill involves the agent processing and generating code, it does not ingest untrusted external data (like web pages or emails) that could be used to inject malicious instructions into the agent's context.
Audit Metadata