migrate-to-shoehorn

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted TypeScript source files.\n
  • Ingestion points: The agent uses Grep and Read tools to scan *.test.ts, *.spec.ts, and *.test.tsx files.\n
  • Boundary markers: There are no explicit instructions to the agent to isolate or ignore instructions that might be embedded within the processed code files.\n
  • Capability inventory: The skill utilizes Write and Edit for file modification and Bash for command execution, creating a path for automated exploitation if malicious code is processed.\n
  • Sanitization: No sanitization or verification of the file content is performed before the agent acts upon the data.\n- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the @total-typescript/shoehorn package via npm. This is an established library from a well-known source intended for the specific purpose of the skill.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute npx tsc --noEmit to verify type-checking results, which is a standard procedure in TypeScript development environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — migrate-to-shoehorn