netsuite-suitescript-learning
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves analyzing user-provided SuiteScript files to generate educational annotations, quizzes, and documentation. This ingestion of untrusted data creates a surface for indirect prompt injection where malicious instructions embedded in the code could attempt to influence the agent's behavior.
- Ingestion points: Processes local file content through
review,annotate, andquiz --source=codemodes. - Boundary markers: The skill does not explicitly instruct the agent to use delimiters or specific ignore-instructions for the content of the analyzed files.
- Capability inventory: The skill is capable of modifying local files (adding annotations) and generating extensive project documentation.
- Sanitization: No explicit sanitization or validation of the input code content is described before it is processed for learning purposes.
- [SAFE]: The skill demonstrates secure coding practices for NetSuite development, specifically in the provided examples for cross-window communication using the
postMessageAPI with origin validation and recommending against the use ofeval(). - [EXTERNAL_DOWNLOADS]: The skill references related vendor resources including
netsuite-sdf-safe-guideandnetsuite-owasp-secure-coding. It accesses reference materials using relative paths (e.g.,../netsuite-sdf-safe-guide/references/). These are documented as internal references within the NetSuite development suite and do not represent untrusted external downloads.
Audit Metadata