assess-react-native-migration
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because its core functionality requires the agent to read and process content from external repositories, which could contain malicious instructions designed to influence agent behavior.
- Ingestion points: The agent is instructed in
SKILL.mdto inspect production client codebases, workspace roots, CI configurations, and product documentation. - Boundary markers: The instructions do not define explicit delimiters or use specific language to warn the agent to ignore instructions embedded within the data it analyzes.
- Capability inventory: The skill is strictly diagnostic and read-only. No dangerous capabilities such as arbitrary command execution, network exfiltration, or file-system writing were identified in the instructions or configuration.
- Sanitization: The skill does not mention any sanitization or validation techniques for the content retrieved from external sources before it is processed by the agent.
Audit Metadata