dx-migrate-js-to-ts-sdk

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements best practices for secret management by explicitly instructing the agent to never reveal delivery tokens or API keys, using placeholders in code examples instead.
  • [SAFE]: References to external Node.js packages such as @contentstack/delivery-sdk, @contentstack/persistance-plugin, and @contentstack/utils are within the official vendor namespace and represent standard tool dependencies.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process user-provided JavaScript snippets and files.
      • Ingestion points: The skill accepts a javascript-snippet argument and can read file content using the Read, Grep, and Glob tools.
      • Boundary markers: The instructions do not define specific delimiters or instructions to ignore commands that may be embedded within the source code files being analyzed.
      • Capability inventory: The agent's available tools are limited to file system reading and searching, with no access to network operations or system-altering commands.
      • Sanitization: Input data is transformed for migration purposes without an explicit sanitization or safety-filtering layer for the content of the snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 03:27 PM