reviewing-lwc-mobile-offline

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the @salesforce/eslint-plugin-lwc-graph-analyzer and eslint packages from the public npm registry. This is performed by the scripts/run-komaci.sh script to ensure the necessary analysis tools are present.
  • [COMMAND_EXECUTION]: The skill utilizes a shell script (scripts/run-komaci.sh) to invoke the ESLint engine for component analysis. This is a core part of the skill's functionality for providing automated code reviews.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes external code provided by the user.
      • Ingestion points: JavaScript and HTML source files from the LWC bundle.
      • Boundary markers: Absent; the skill reads source code directly into the context.
      • Capability inventory: File system read access and execution of the local Komaci runner script.
      • Sanitization: No explicit validation or sanitization of the component code is performed before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 08:49 PM