ui5-typescript-conversion

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform project setup tasks, such as modifying package.json, tsconfig.json, and ui5.yaml. It also recommends executing development-related commands like npm install and npx @ui5/ts-interface-generator. These are standard operations for UI5 developers and are performed on the project's own files.
  • [EXTERNAL_DOWNLOADS]: The instructions involve downloading and installing several development-time dependencies from the npm registry, including @sapui5/types, @ui5/ts-interface-generator, and typescript-eslint. These are well-known tools within the SAP/UI5 development ecosystem and are used here according to their intended purpose.
  • [PROMPT_INJECTION]: The skill defines a process for refactoring existing application code, which constitutes an indirect prompt injection surface as the agent must ingest untrusted source code from the project.
  • Ingestion points: The agent reads all files within the project (e.g., in the webapp/ directory).
  • Boundary markers: None explicitly requested, though the conversion task is constrained by specific technical rules.
  • Capability inventory: The agent is authorized to modify configuration files and execute build-related commands.
  • Sanitization: No specific sanitization of input source code is described, which is typical for code-to-code transformation tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 05:34 AM
Security Audit — agent-trust-hub — ui5-typescript-conversion