react-component-porter
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it analyzes and replicates React component code provided by external users. This untrusted input could contain hidden instructions within code comments or string literals designed to manipulate the agent's behavior.
- Ingestion points: React component code snippets provided by the user for replication as described in SKILL.md.
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the provided code snippets.
- Capability inventory: The skill requires the ability to read project configuration and write new component files to the local file system.
- Sanitization: Absent. There is no mention of validating or sanitizing the user-provided code before analysis or implementation.
Audit Metadata