Trust Assessment
tsconfig-gen received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Prompt Injection Vulnerability, Arbitrary File Write via User-Controlled Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection Vulnerability: The user-provided `projectType` string is directly concatenated into the 'user' message sent to the OpenAI API. This allows an attacker to inject arbitrary instructions into the LLM's prompt, potentially overriding system instructions, extracting sensitive information (like the system prompt itself), or generating malicious content. The system prompt's instruction to 'Return ONLY valid JSON' can be bypassed by a successful injection. Implement robust prompt injection defenses. This could include input sanitization, using a structured prompt format (e.g., XML tags) to clearly delineate user input from instructions, or employing an LLM firewall/moderation layer. Ensure the LLM is explicitly instructed to only process content within designated user input tags and to ignore any instructions outside of them. | LLM | src/index.ts:10 |
| HIGH | Arbitrary File Write via User-Controlled Path: The `--output` option in `src/cli.ts` allows a user to specify an arbitrary file path where the generated `tsconfig.json` content will be written. A malicious user could exploit this by providing a path traversal sequence (e.g., `../../../.bashrc` or `/etc/passwd`) to overwrite sensitive system files or other files outside the intended project directory with potentially malicious JSON content (especially if combined with a successful prompt injection). Validate the `options.output` path to ensure it is safe. Restrict the output path to be within the current working directory or a designated subdirectory. Prevent path traversal characters (e.g., `..`, `/` at the beginning) and ensure the filename does not contain directory separators. Consider using a library that safely resolves paths or explicitly disallowing absolute paths. | LLM | src/cli.ts:15 |
| MEDIUM | Unpinned npm dependency version: Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/tsconfig-gen/package.json |
| MEDIUM | Unpinned Dependencies in package.json: The `package.json` file specifies dependencies using caret (`^`) ranges (e.g., `^12.1.0` for `commander`, `^4.73.0` for `openai`). While `package-lock.json` pins exact versions, `npx` (as suggested in `SKILL.md`) might not always respect the `package-lock.json` from the repository, especially during fresh installations or when the lockfile is not present. This introduces a supply chain risk, as future installations could pull in newer, potentially vulnerable, or malicious versions of dependencies if they are published. Pin all dependencies to exact versions in `package.json` (e.g., `"commander": "12.1.0"` instead of `"^12.1.0"`). This ensures deterministic builds and reduces the risk of unexpected dependency updates introducing vulnerabilities or breaking changes. | LLM | package.json:9 |