check-zod-infer-type
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to automate linting and code auditing tasks to ensure TypeScript types are correctly derived from Zod schemas.
- [COMMAND_EXECUTION]: The instructions direct the agent to scan local directories for specific filenames (e.g.,
types.ts,type.ts) and directory names. This involves standard file system exploration (ls, find, grep) which is appropriate for the stated use case of project analysis. - [INDIRECT_PROMPT_INJECTION]: As the skill involves reading and analyzing project source code, there is a theoretical surface for indirect prompt injection if an analyzed file contains malicious instructions. However, this is a standard risk for any code-scanning tool and no specific bypasses were observed.
- [DATA_EXPOSURE]: The skill operates on the local codebase to identify redundancy in type definitions. There are no patterns suggesting data exfiltration or access to sensitive credentials (like .env or .ssh folders).
Audit Metadata