component-unit-best-practice
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill requires the agent to ingest, review, and 'fix' user-provided code folders, which could contain malicious instructions embedded in comments or strings designed to manipulate agent behavior.
- Ingestion points: Component source files (
ComponentName.tsx), tests (ComponentName.test.tsx), and Storybook stories (ComponentName.stories.tsx) mentioned inSKILL.mdandreferences/standard.md. - Boundary markers: None. The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes the component units.
- Capability inventory: The skill explicitly instructs the agent to 'Fix all items that do not comply with the specifications' (修复所有不符合规范的项目), implying file-write and modification capabilities over the workspace.
- Sanitization: No evidence of sanitization, escaping, or validation of the ingested code content is present in the skill instructions.
Audit Metadata