ts-plan
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow involves reading and acting upon untrusted repository data (source code, documentation, and configuration files) that could contain malicious instructions.
- Ingestion points: The
LOAD_CONTEXTstep explicitly reads source code, tests, docs, andAGENTS.mdfrom the local environment. - Boundary markers: There are no instructions to use delimiters or to ignore potential instructions embedded within the ingested files.
- Capability inventory: The skill has the capability to write new files to the filesystem and execute local shell commands.
- Sanitization: No sanitization or filtering logic is specified for the repository content.
- [COMMAND_EXECUTION]: The
CHECK_GATESsection instructs the agent to execute local command-line tools using no-op flags (e.g.,--help, version checks, or dry-runs) to confirm they are available in the repository environment.
Audit Metadata