Skills
skills/farmage/opencode-skills/javascript-pro/Gen Agent Trust Hub

javascript-pro

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes and refactors external JavaScript files, creating a surface for indirect prompt injection.
  • Ingestion points: Reads .js, .mjs, .cjs, and package.json files.
  • Boundary markers: Not specified in the instructions for separating user code from agent logic.
  • Capability inventory: Reference documentation includes fs/promises for file access and child_process for command execution.
  • Sanitization: No sanitization or validation of the processed code is defined.
  • [COMMAND_EXECUTION]: Provides documentation and code samples for Node.js child_process utilities like spawn and exec in references/node-essentials.md as part of standard development training.
  • [DATA_EXFILTRATION]: Documents the use of the fetch API and the fs/promises module for network and file operations in references/browser-apis.md and references/node-essentials.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 01:36 AM