generate-preview
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external React component files (.tsx), which introduces a surface for indirect prompt injection. Malicious instructions could be embedded within the source code comments or string literals of the input file to influence the agent's behavior during the analysis or subsequent implementation phases.
- Ingestion points: The contents of the React component file specified by the `component-path` parameter are parsed and analyzed.
- Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between the input component data and its own task instructions.
- Capability inventory: The skill requires the ability to read local files and write results to the filesystem (creating .temp.json and .temp.md files).
- Sanitization: The skill does not define any sanitization or filtering logic for the data extracted from the source files before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill documentation references a prerequisite tool named `skeleton` to perform AST (Abstract Syntax Tree) analysis. The skill does not provide the source, installation scripts, or integrity checks for this tool, making it an unverifiable external dependency.
- [COMMAND_EXECUTION]: The operational workflow requires the agent to execute the `skeleton` tool using a user-provided file path. This pattern poses a risk of command injection if the agent fails to properly sanitize the `component-path` input before passing it to a shell environment.
Audit Metadata