skills/kenlck/skills/ts-codemap/Gen Agent Trust Hub

ts-codemap

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local TypeScript build and update scripts using the tsx runtime. It also manages its own dependencies by running npm install within the skill directory.
  • [EXTERNAL_DOWNLOADS]: Fetches standard packages such as ts-morph and tsx from the official NPM registry.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by extracting JSDoc comments from the target codebase and summarizing them in MAP.md, which is intended for consumption by other AI agents.
    • Ingestion points: Source files in the target repository are read by scripts/lib.ts using fs.readFileSync.
    • Boundary markers: The generated MAP.md lacks delimiters or instructions for consuming agents to ignore instructions embedded within the extracted comments.
    • Capability inventory: The skill possesses filesystem write permissions to generate the index files.
    • Sanitization: Extracted JSDoc strings are not sanitized or escaped before being included in the map.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 09:11 AM