ui5-typescript-conversion

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to add development dependencies to package.json, including @sapui5/types, @openui5/types, typescript-eslint, and @ui5/ts-interface-generator. These are well-known, established tools from the SAP and UI5 community used for type definitions and code generation.
  • [COMMAND_EXECUTION]: The skill provides instructions for the user to execute standard package management and build commands, such as npm install, yarn install, and npx @ui5/ts-interface-generator. These commands are necessary for the project conversion process and are initiated by the user or under user guidance.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and transform existing UI5 source code. While this constitutes an attack surface, it is a required functionality for the skill's purpose.
  • Ingestion points: Project source files (JavaScript, XML, YAML, JSON) found in the webapp directory (referenced in SKILL.md and test_conversion.md).
  • Boundary markers: None explicitly defined in the provided markdown files.
  • Capability inventory: The skill can modify project files and instructs the execution of dependency management and code generation tools via the shell.
  • Sanitization: Not applicable as the skill performs structural code transformation on existing files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 04:38 AM
Security Audit — agent-trust-hub — ui5-typescript-conversion