Skills
skills/nguyenthienthanh/aura-frog/typescript-expert/Gen Agent Trust Hub

typescript-expert

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of reading and processing external data (source code files).
  • Ingestion points: The skill uses tools like Read, Grep, and Glob to ingest content from .ts, .tsx, .js, and .jsx files triggered by project activity.
  • Boundary markers: The instructions lack explicit delimitation or directives for the agent to ignore potential commands embedded within code comments or string literals in the analyzed files.
  • Capability inventory: The skill is granted Edit and Write capabilities, meaning a successful injection could lead to unauthorized file modifications.
  • Sanitization: No sanitization or input validation logic is present to filter out malicious instructions hidden within processed files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:11 PM