typescript-expert
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script `scripts/ts_diagnostic.py` utilizes `subprocess.run(shell=True)` to execute system commands like `grep`, `node`, and `npx`. While the command strings are currently hardcoded, this is a security best-practice violation. Furthermore, running `npx` or `tsc` in an untrusted workspace can lead to local code execution if the workspace contains malicious configuration or hidden dependencies.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: `scripts/ts_diagnostic.py` reads and outputs contents from `package.json` and `tsconfig.json`, and performs recursive searches on the `src/` directory.
  - Boundary markers: The skill lacks delimiters or explicit warnings to the agent when outputting file content or search results.
  - Capability inventory: The script can execute arbitrary shell commands and read local files.
  - Sanitization: There is no sanitization or filtering of the data read from the filesystem, meaning malicious instructions embedded in project files could influence the agent's behavior.
Audit Metadata