ts-modern
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
WebSearchandWebFetchto retrieve documentation from official sites includingdocs.medusajs.comandtypescriptlang.org. This is a standard and safe operation for documentation-oriented skills. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its pattern of processing external data alongside powerful tool capabilities.
- Ingestion points: External content is ingested via
WebSearchandWebFetchcommands directed at Medusa and TypeScript documentation (SKILL.md). - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill has access to sensitive tools including
Bash,Write, andEdit, which could be exploited if malicious instructions were encountered in fetched content. - Sanitization: There is no evidence of sanitization or validation of the content retrieved from external sources before it is processed by the agent.
Audit Metadata