typescript-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [No Executable Code] (INFO): The skill contains only documentation and rules for code reviews. No scripts (.py, .js, .sh) or executables are included in the skill definition.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze external content (TypeScript and Vue source code).
- Ingestion points: Input code provided by the user for review or refactoring as specified in the 'When to Use' section.
- Boundary markers: None. The skill does not define specific delimiters to wrap untrusted code or instructions to ignore embedded prompts within that code.
- Capability inventory: No capabilities. The skill lacks tools for file system access, network operations, or subprocess execution.
- Sanitization: None. There is no logic provided to sanitize or filter the content of the code being reviewed.
- [Prompt Injection] (SAFE): Although the skill uses strong phrasing such as 'NON-NEGOTIABLE RULES' and 'CRITICAL', these instructions are scope-limited to TypeScript formatting and architectural standards rather than attempts to override the underlying LLM's safety filters or extract system prompts.
Audit Metadata