component-unit-best-practice

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill requires the agent to ingest, review, and 'fix' user-provided code folders, which could contain malicious instructions embedded in comments or strings designed to manipulate agent behavior.
  • Ingestion points: Component source files (ComponentName.tsx), tests (ComponentName.test.tsx), and Storybook stories (ComponentName.stories.tsx) mentioned in SKILL.md and references/standard.md.
  • Boundary markers: None. The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes the component units.
  • Capability inventory: The skill explicitly instructs the agent to 'Fix all items that do not comply with the specifications' (修复所有不符合规范的项目), implying file-write and modification capabilities over the workspace.
  • Sanitization: No evidence of sanitization, escaping, or validation of the ingested code content is present in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 11:54 AM
Security Audit — agent-trust-hub — component-unit-best-practice