ts-modern

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch to retrieve documentation from official sites including docs.medusajs.com and typescriptlang.org. This is a standard and safe operation for documentation-oriented skills.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its pattern of processing external data alongside powerful tool capabilities.
  • Ingestion points: External content is ingested via WebSearch and WebFetch commands directed at Medusa and TypeScript documentation (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external content as untrusted data or to ignore embedded instructions.
  • Capability inventory: The skill has access to sensitive tools including Bash, Write, and Edit, which could be exploited if malicious instructions were encountered in fetched content.
  • Sanitization: There is no evidence of sanitization or validation of the content retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — ts-modern