typescript-expert

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes diagnostic commands such as npx tsc --version and node -e to inspect project configuration and the tooling environment.
  • [EXTERNAL_DOWNLOADS]: The skill leverages npx to run established utilities from the npm registry, including vitest, biome, and eslint.
  • [REMOTE_CODE_EXECUTION]: The skill uses standard TypeScript runners (tsx, ts-node) and reputable migration tools (ts-migrate) to facilitate development tasks.
  • [PROMPT_INJECTION]: The skill processes project configuration files (package.json, tsconfig.json) and source code, which serve as ingestion points for external data. The diagnostic logic uses secure JSON parsing and hardcoded command strings to handle this data safely.
      • Ingestion points: package.json, tsconfig.json, and source files in the src/ directory.
      • Boundary markers: No explicit delimiters are used for the data read from project files.
      • Capability inventory: Execution of shell commands via subprocess.run, npx, and node -e for analysis and testing.
      • Sanitization: File content is parsed as structured JSON or processed using fixed command templates, preventing direct interpolation of untrusted content into shell execution paths.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 07:58 PM