javascript
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes and interacts with JavaScript and TypeScript source files, creating an indirect prompt injection surface where malicious instructions could be embedded in code comments or string literals within the processed files.
- Ingestion points: Processes .js, .jsx, .ts, .tsx, .mjs, .cjs, .mts, and .cts files from the project environment.
- Boundary markers: The skill does not define specific delimiters or instructions to treat embedded comments as untrusted data.
- Capability inventory: Operates in conjunction with LSP tools and coding skills that provide file system access and code modification capabilities.
- Sanitization: No explicit sanitization or filtering of code content is performed before processing.
Audit Metadata