ts-starter
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes 'typecheck', 'lint', and 'test' scripts automatically during the smoke validation phase (SKILL.md Step 10). If a project contains malicious code in its package.json scripts, the agent will execute it on the host system.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its high-privilege capabilities combined with untrusted data ingestion. 1. Ingestion points: Reads 'package.json', lockfiles, and configuration files from the project. 2. Boundary markers: Absent. 3. Capability inventory: Command execution (npm install, npm test) and file system write operations. 4. Sanitization: Absent; the skill merges project-provided scripts with internal templates.
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs several third-party Node.js packages (typescript, @biomejs/biome, vitest, husky, lint-staged). While these are industry-standard tools, they are external dependencies fetched at runtime.
Recommendations
- AI detected serious security threats
Audit Metadata