fix-js-globals

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and refactor user-provided JavaScript source code. This creates a potential surface for Indirect Prompt Injection, where instructions embedded within comments or string literals in the analyzed code could attempt to manipulate the agent's logic during the refactoring process.
  • Ingestion points: Local JavaScript files (.js) and UI5 project configuration files (manifest.json, Component.js).
  • Boundary markers: The instructions do not specify the use of data delimiters or security-focused ignore-instructions to isolate the code being analyzed from the agent's command context.
  • Capability inventory: The skill leverages the agent's ability to read from and write to the local file system to apply modernization fixes.
  • Sanitization: No specific content validation or sanitization of the input source code is defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 12:26 PM
Security Audit — agent-trust-hub — fix-js-globals