effect-ts
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to process untrusted data from a user's repository to inform the agent's actions.
  - Ingestion points: Project configuration files (package.json, tsconfig.json, lockfiles) and repository source code mentioned in SKILL.md and references/setup-tooling.md.
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore embedded instructions within the project files being analyzed.
  - Capability inventory: The agent has the capability to read local files, generate code, and execute shell commands via CLI tools like effect-solutions and @effect/language-service.
  - Sanitization: Absent; there are no instructions for validating or sanitizing the content retrieved from external project files.
- [DATA_EXFILTRATION]: The instructions in SKILL.md and references/setup-tooling.md direct the agent to inspect project configuration and metadata files (e.g., package.json, tsconfig.json). While standard for coding tasks, this involves reading files that could contain sensitive project information or be manipulated by an attacker to influence the agent.
- [COMMAND_EXECUTION]: The skill encourages the use of CLI tools such as effect-solutions and @effect/language-service for project auditing and setup tasks. These operations involve shell command execution, which is a sensitive capability that could be misused if project context is compromised.
Audit Metadata