Skills
skills/yunaamelia/mcp-agent-memory-pro/typescript-expert/Gen Agent Trust Hub

typescript-expert

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The scripts/ts_diagnostic.py script executes system commands via a shell.\n
  • Evidence: subprocess.run(cmd, shell=True) is used in the run_cmd helper function to execute npx, node, and grep.\n
  • Risk: While the command strings are currently static, the use of shell=True is a security anti-pattern.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from the codebase it analyzes.\n
  • Ingestion points: The script reads and processes package.json, tsconfig.json, and all TypeScript files in the src/ directory.\n
  • Boundary markers: No boundary markers or 'ignore' instructions are used when outputting file contents or analysis results to the agent.\n
  • Capability inventory: The script performs file reads and executes subprocesses based on project structure.\n
  • Sanitization: No sanitization is performed on the data read from the local filesystem before it is displayed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:42 PM