typescript-expert

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands (e.g., npx tsc, npm test) to perform environment analysis and code validation.
  • [COMMAND_EXECUTION]: The diagnostic script 'scripts/ts_diagnostic.py' uses subprocess.run with shell=True to run various CLI tools such as grep and tsc for project analysis.
  • [EXTERNAL_DOWNLOADS]: The skill mentions external tools and packages common to the TypeScript ecosystem, such as Biome, ESLint, and typesync, intended for use via standard package managers.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and processing local configuration files (package.json, tsconfig.json).
    • Ingestion points: Project configuration files like package.json and tsconfig.json are parsed in SKILL.md and scripts/ts_diagnostic.py.
    • Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore potential injection content within these files.
    • Capability inventory: The skill possesses capabilities for shell command execution and local file access.
    • Sanitization: Relies on structural JSON parsing and hardcoded command templates for processing file data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 04:39 PM