reviewing-lwc-mobile-offline
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the `@salesforce/eslint-plugin-lwc-graph-analyzer` and `eslint` packages from the public npm registry. This is performed by the `scripts/run-komaci.sh` script to ensure the necessary analysis tools are present.
- [COMMAND_EXECUTION]: The skill utilizes a shell script (`scripts/run-komaci.sh`) to invoke the ESLint engine for component analysis. This is a core part of the skill's functionality for providing automated code reviews.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes external code provided by the user.
  - Ingestion points: JavaScript and HTML source files from the LWC bundle.
  - Boundary markers: Absent; the skill reads source code directly into the context.
  - Capability inventory: File system read access and execution of the local Komaci runner script.
  - Sanitization: No explicit validation or sanitization of the component code is performed before it is processed by the agent.