typescript-check
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to perform TypeScript type checking based on the project's configuration.
- Evidence: In
SKILL.md, the workflow attempts to runnpm run type-check,npm run check, ornpx tsc --noEmit. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local development environment, creating a surface for indirect prompt injection.
- Ingestion points: The skill reads
package.jsoncontent and parses the stdout/stderr output from the compiler/npm commands. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts when the agent evaluates the tool output to generate reports or fix suggestions.
- Capability inventory: The skill has the capability to execute shell commands and modify files through its repair workflow.
- Sanitization: The compiler output is not sanitized before being interpreted by the agent for generating 'Active Repair Plans'.
Audit Metadata