typescript-lsp
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on 'bunx' to download and execute the '@plaited/development-skills' package from an external registry during runtime. This introduces a dependency on third-party code that is not part of the skill's distributed files or a pre-verified trusted vendor.
- [COMMAND_EXECUTION]: The skill uses shell command execution via 'bun' and 'bunx' to invoke LSP tools. This capability allows the agent to run arbitrary scripts or tools installed via the Bun package manager.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and interprets user-provided source code files.
  - Ingestion points: File paths and source code content are ingested through arguments passed to tools like 'lsp-hover', 'lsp-symbols', 'lsp-refs', and 'lsp-analyze'.
  - Boundary markers: While the output is structured as JSON, the content within the JSON (such as TSDoc documentation or symbol names) is directly extracted from untrusted source files without specific delimiters to prevent the agent from following instructions embedded in those comments.
  - Capability inventory: The skill has the ability to read the local filesystem and execute shell commands via 'bunx'.
  - Sanitization: There is no evidence of content sanitization, filtering, or escaping for the data extracted from source files (e.g., function documentation or comments) before it is presented to the LLM.
Audit Metadata